CVE-2011-0959
Cisco Unified Operations Manager 8.5 - '/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp' Multiple Cross-Site Scripting Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
9Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Cisco Unified Operations Manager (CUOM) antes de v8.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) el parámetro extn de iptm/advancedfind.do, (2) el parámetro deviceInstanceName de iptm/ddv.do, el (3) cmd o (4) el parámetro group de iptm/eventmon, el parámetro (5) clusterName o (6) deviceName de iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, o el parámetro (7) ccmName o (8) clusterName de iptm/logicalTopo.do, también conocido como Bug ID CSCtn61716.
Cisco Unified Operations Manager suffers from cross site scripting, remote SQL injection, and directory traversal vulnerabilities. Versions 8.0 and 8.5 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-02-10 CVE Reserved
- 2011-05-18 CVE Published
- 2011-05-18 First Exploit
- 2024-08-06 CVE Updated
- 2024-10-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/67521 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/35765 | 2011-06-18 | |
| https://www.exploit-db.com/exploits/35766 | 2011-06-18 | |
| https://www.exploit-db.com/exploits/35762 | 2011-06-18 | |
| https://www.exploit-db.com/exploits/35763 | 2011-06-18 | |
| https://www.exploit-db.com/exploits/35764 | 2011-06-18 | |
| https://www.exploit-db.com/exploits/17304 | 2011-05-18 | |
| http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html | 2024-08-06 | |
| http://www.exploit-db.com/exploits/17304 | 2024-08-06 | |
| http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=23085 | 2024-02-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Unified Operations Manager Search vendor "Cisco" for product "Unified Operations Manager" | <= 8.5 Search vendor "Cisco" for product "Unified Operations Manager" and version " <= 8.5" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Operations Manager Search vendor "Cisco" for product "Unified Operations Manager" | 1.1 Search vendor "Cisco" for product "Unified Operations Manager" and version "1.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Operations Manager Search vendor "Cisco" for product "Unified Operations Manager" | 2.0 Search vendor "Cisco" for product "Unified Operations Manager" and version "2.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Operations Manager Search vendor "Cisco" for product "Unified Operations Manager" | 2.0.1 Search vendor "Cisco" for product "Unified Operations Manager" and version "2.0.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Operations Manager Search vendor "Cisco" for product "Unified Operations Manager" | 2.0.2 Search vendor "Cisco" for product "Unified Operations Manager" and version "2.0.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Operations Manager Search vendor "Cisco" for product "Unified Operations Manager" | 2.0.3 Search vendor "Cisco" for product "Unified Operations Manager" and version "2.0.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Operations Manager Search vendor "Cisco" for product "Unified Operations Manager" | 2.1 Search vendor "Cisco" for product "Unified Operations Manager" and version "2.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Operations Manager Search vendor "Cisco" for product "Unified Operations Manager" | 2.2 Search vendor "Cisco" for product "Unified Operations Manager" and version "2.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Operations Manager Search vendor "Cisco" for product "Unified Operations Manager" | 2.3 Search vendor "Cisco" for product "Unified Operations Manager" and version "2.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Operations Manager Search vendor "Cisco" for product "Unified Operations Manager" | 8.0 Search vendor "Cisco" for product "Unified Operations Manager" and version "8.0" | - |
Affected
| ||||||