CVE-2006-1960

Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095.

Published: Apr 21, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-1960
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / wireless_lan_solution_engine	2.3	2.3.x
cisco / wireless_lan_solution_engine	2.6	2.6.x
cisco / wireless_lan_solution_engine	2.11	2.11.x
cisco / wireless_lan_solution_engine	2.2	2.2.x
cisco / wireless_lan_solution_engine	2.4	2.4.x
cisco / wireless_lan_solution_engine	2.12	2.12.x
cisco / wireless_lan_solution_engine	2.10	2.10.x
cisco / wireless_lan_solution_engine	2.13	2.13.x
cisco / wireless_lan_solution_engine	2.1	2.1.x
cisco / wireless_lan_solution_engine	2.0	2.0.x
cisco / wireless_lan_solution_engine	2.7	2.7.x
cisco / wireless_lan_solution_engine	2.9	2.9.x
cisco / wireless_lan_solution_engine	2.5	2.5.x
cisco / wireless_lan_solution_engine	2.8	2.8.x

Vulnerability Database

289,697

CVE-2006-1960