header-logo
Suggest Exploit
vendor:
CiscoWorks Common Services
by:
Unknown
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: CiscoWorks Common Services
Affected Version From: CiscoWorks Common Services 3.3 and prior
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:cisco:ciscoworks_common_services
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

CiscoWorks Common Services Cross-Site Scripting Vulnerability

The CiscoWorks Common Services application fails to sufficiently sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to perform cross-site scripting attacks, potentially stealing authentication credentials and launching other attacks.

Mitigation:

Apply the necessary patches or updates provided by Cisco.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47902/info

CiscoWorks Common Services is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this vulnerability could allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and launch other attacks.

This issue is being monitored by Cisco Bug ID CSCto12704.

CiscoWorks Common Services 3.3 and prior are vulnerable. 

http://www.example.com/cwhp/device.center.do?device=&72a9f"><script>alert(1)</script>5f5251aaad=1