Cisco Wireless Control System (WCS) HTTP Interface Login Page Unspecified XSS

2006-06-28T05:19:09
ID OSVDB:26880
Type osvdb
Reporter OSVDB
Modified 2006-06-28T05:19:09

Description

Vulnerability Description

Wireless Control System contains an unspecified flaw that allows a remote cross site scripting attack. This could allow a user to create a specially crafted URL referencing the HTTP interface login page that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 3.2(63) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Wireless Control System contains an unspecified flaw that allows a remote cross site scripting attack. This could allow a user to create a specially crafted URL referencing the HTTP interface login page that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1016398 Secunia Advisory ID:20870 Related OSVDB ID: 26884 Related OSVDB ID: 26881 Related OSVDB ID: 26882 Related OSVDB ID: 26883 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0783.html Keyword: CSCse01127 ISS X-Force ID: 27441 FrSIRT Advisory: ADV-2006-2583 CVE-2006-3289 Bugtraq ID: 18701