Cisco BBSM AccesCodeStart.asp文件跨站脚本漏洞

BUGTRAQ ID: 29191
CVE(CAN) ID: CVE-2008-2165

Cisco Building Broadband Service Manager（BBSM）是基于软件的服务创建平台，可为政府部门提供高度自动化的、非常方便的宽带服务方法。

Cisco BBSM的AccessCodeStart.asp页面没有正确地过滤对msg参数的输入便返回给了用户，这允许远程攻击者通过提交恶意URL请求执行跨站脚本攻击，导致在用户浏览器会话中执行任意HTML和脚本代码。

Cisco BBSM 5.3
Cisco

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

<a href=“http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=5.3&amp;mdfid=278455427&amp;sftType=Building Broadband Service Manager (BBSM) Updates&amp;optPlat=&amp;nodecount=2&amp;edesignator=null&amp;modelName=Cisco Building Broadband Service Manager 5.3&amp;treeMdfId=281527126&amp;treeName=Network Monitoring and Management” target=“_blank”>http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=5.3&amp;mdfid=278455427&amp;sftType=Building Broadband Service Manager (BBSM) Updates&amp;optPlat=&amp;nodecount=2&amp;edesignator=null&amp;modelName=Cisco Building Broadband Service Manager 5.3&amp;treeMdfId=281527126&amp;treeName=Network Monitoring and Management</a>