CVSS: 6.1EPSS: 0%CPEs: 38EXPL: 1CVE-2010-2986
https://notcve.org/view.php?id=CVE-2010-2986
09 Aug 2010 — Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en webacs/QuickSearchAction.do de la opción de búsqueda del interfaz web de Cisco Wireless Control System (WCS) anterior a... • http://secunia.com/advisories/40827 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2007-5382
https://notcve.org/view.php?id=CVE-2007-5382
12 Oct 2007 — The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges. La utilidad de conversión para converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 y versiones anteriores en Cisco Wireless Control System (WCS) crea cuentas de administrador con nombres y contraseñas por defecto, lo cual permite a a... • http://osvdb.org/37936 • CWE-264: Permissions, Privileges, and Access Controls •