CVE-2011-0959

Cisco Unified Operations Manager 8.5 - '/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp' Multiple Cross-Site Scripting Vulnerabilities

  • Severity Score (CVSS v2): 4.3
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 9
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -
Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.

Cisco Unified Operations Manager suffers from cross site scripting, remote SQL injection, and directory traversal vulnerabilities. Versions 8.0 and 8.5 are affected.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: None
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2011-02-10 CVE Reserved
  • 2011-05-18 CVE Published
  • 2011-05-18 First Exploit
  • 2024-08-06 CVE Updated
  • 2024-10-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Cisco | Unified Operations Manager | <= 8.5 | - | Affected
Cisco | Unified Operations Manager | 1.1 | - | Affected
Cisco | Unified Operations Manager | 2.0 | - | Affected
Cisco | Unified Operations Manager | 2.0.1 | - | Affected
Cisco | Unified Operations Manager | 2.0.2 | - | Affected
Cisco | Unified Operations Manager | 2.0.3 | - | Affected
Cisco | Unified Operations Manager | 2.1 | - | Affected
Cisco | Unified Operations Manager | 2.2 | - | Affected
Cisco | Unified Operations Manager | 2.3 | - | Affected
Cisco | Unified Operations Manager | 8.0 | - | Affected