CVE-2011-0959

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.

Published: May 21, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-0959
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
cisco / unified_operations_manager	2.2	2.2.x
cisco / unified_operations_manager	2.0	2.0.x
cisco / unified_operations_manager	2.0.1	2.0.1.x
cisco / unified_operations_manager	-	8.5.x
cisco / unified_operations_manager	2.0.2	2.0.2.x
cisco / unified_operations_manager	1.1	1.1.x
cisco / unified_operations_manager	2.3	2.3.x
cisco / unified_operations_manager	2.1	2.1.x
cisco / unified_operations_manager	8.0	8.0.x
cisco / unified_operations_manager	2.0.3	2.0.3.x

Vulnerability Database

289,697

CVE-2011-0959