CVE-2009-0471

Cross-site request forgery CSRF vulnerability in the HTTP server in Cisco IOS 12.423 allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request...

CVE-2009-0470

Multiple cross-site scripting XSS vulnerabilities in the HTTP server in Cisco IOS 12.423 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI under 1 level/15/exec/-/ or 2 exec/, a different vulnerability than CVE-2008-3821...

Cisco XSS / XSRF Vulnerabilities

There was a Cisco Product Security Incident Response Team PSIRT advisory recently concerning some XSS/CSRF holes in the IOS.. quote Document ID: 98605 http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml Revision 1.0 For Public Release 2009 January 14 1600 UTC GMT Cisco Response: "Tw...

Cisco IOS 12.4(23) - HTTP Server Multiple Cross-Site Scripting Vulnerabilities

Cisco IOS 12.423 - HTTP Server Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/33625/info Cisco IOS HTTP Server is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage the...

Cisco IOS 12.4(23) - HTTP Server Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/33625/info Cisco IOS HTTP Server is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...