Cross site scripting

2010-08-1012:23:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

JSON

Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288.

CPENameOperatorVersion
wireless_control_system_softwareeq5.0.56.2
wireless_control_system_softwareeq5.2.148.0
wireless_control_system_softwareeq5.2.130.0
wireless_control_system_softwareeq4.2.130.0
wireless_control_system_softwareeq6.0
wireless_control_system_softwareeq4.1.19235109
wireless_control_system_softwareeq4.2.110.0
wireless_control_system_softwareeq4.2.176.0
wireless_control_system_softwareeq6.0.170.0
wireless_control_system_softwareeq4.1.191-xm

Name	Operator	Version
wireless_control_system_software	eq	5.0.56.2
wireless_control_system_software	eq	5.2.148.0
wireless_control_system_software	eq	5.2.130.0
wireless_control_system_software	eq	4.2.130.0
wireless_control_system_software	eq	6.0
wireless_control_system_software	eq	4.1.19235109
wireless_control_system_software	eq	4.2.110.0
wireless_control_system_software	eq	4.2.176.0
wireless_control_system_software	eq	6.0.170.0
wireless_control_system_software	eq	4.1.191-xm

Rows per page:

1-10 of 381

References

secunia.com/advisories/40827

www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html

www.securityfocus.com/archive/1/512878/100/0/threaded

www.securityfocus.com/bid/42216

www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt