Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.
jvn.jp/en/jp/JVN28344798/index.html
osvdb.org/51393
osvdb.org/51394
secunia.com/advisories/33461
securityreason.com/securityalert/4916
securitytracker.com/id?1021598
www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html
www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19
www.securityfocus.com/archive/1/500063/100/0/threaded
www.securityfocus.com/bid/33260
www.vupen.com/english/advisories/2009/0138
exchange.xforce.ibmcloud.com/vulnerabilities/47947