Sign-up

ID

VAR-E-201105-0017


CVE

cve_id:CVE-2011-0959

Trust: 2.4

cve_id:CVE-2011-0960

Trust: 0.5

cve_id:CVE-2011-0961

Trust: 0.5

cve_id:CVE-2011-0962

Trust: 0.5

cve_id:CVE-2011-0966

Trust: 0.5

sources: BID: 47901 // PACKETSTORM: 101518 // EXPLOIT-DB: 35765 // EDBNET: 57167

EDB ID

35765


TITLE

Cisco Unified Operations Manager 8.5 - '/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp' Multiple Cross-Site Scripting Vulnerabilities - Hardware remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 35765

DESCRIPTION

Cisco Unified Operations Manager 8.5 - '/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp' Multiple Cross-Site Scripting Vulnerabilities. CVE-2011-0959CVE-72419 . remote exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 35765

AFFECTED PRODUCTS

vendor:ciscomodel:unified operations managerscope:eqversion:8.5

Trust: 1.3

vendor:ciscomodel:unified operations managerscope: - version: -

Trust: 0.5

vendor:ciscomodel:unified operations managerscope:eqversion:2.0.3

Trust: 0.3

vendor:ciscomodel:unified operations managerscope:eqversion:2.0.2

Trust: 0.3

vendor:ciscomodel:unified operations managerscope:eqversion:2.0.1

Trust: 0.3

vendor:ciscomodel:unified operations managerscope:eqversion:8.0

Trust: 0.3

vendor:ciscomodel:unified operations managerscope:eqversion:2.3

Trust: 0.3

vendor:ciscomodel:unified operations managerscope:eqversion:2.2

Trust: 0.3

vendor:ciscomodel:unified operations manager sp1scope:eqversion:2.1

Trust: 0.3

vendor:ciscomodel:unified operations managerscope:eqversion:2.1

Trust: 0.3

vendor:ciscomodel:unified operations managerscope:eqversion:2.0

Trust: 0.3

vendor:ciscomodel:unified operations managerscope:neversion:8.6

Trust: 0.3

sources: BID: 47901 // PACKETSTORM: 101518 // EXPLOIT-DB: 35765

EXPLOIT

source: https://www.securityfocus.com/bid/47901/info

Cisco Unified Operations Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. Other attacks may also be possible.

This issue is being tracked by Cisco Bug ID CSCtn61716.

Cisco Unified Operations Manager versions prior to 8.6 are vulnerable.

http://www.example.com/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp?clusterName=d4f84"%3b
alert(1)//608ddbf972
http://www.example.com/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp?deviceName=c25e8"%3ba
lert(1)//79877affe89

Trust: 1.0

sources: EXPLOIT-DB: 35765

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 35765

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 35765

TYPE

'/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp' Multiple Cross-Site Scripting Vulnerabilities

Trust: 1.0

sources: EXPLOIT-DB: 35765

TAGS

tag:exploit

Trust: 0.5

tag:remote

Trust: 0.5

tag:vulnerability

Trust: 0.5

tag:xss

Trust: 0.5

tag:sql injection

Trust: 0.5

sources: PACKETSTORM: 101518

CREDITS

Sense of Security

Trust: 0.6

sources: EXPLOIT-DB: 35765

EXTERNAL IDS

db:NVDid:CVE-2011-0959

Trust: 2.4

db:EXPLOIT-DBid:35765

Trust: 1.9

db:BIDid:47901

Trust: 1.9

db:EDBNETid:57167

Trust: 0.6

db:NVDid:CVE-2011-0961

Trust: 0.5

db:NVDid:CVE-2011-0960

Trust: 0.5

db:NVDid:CVE-2011-0966

Trust: 0.5

db:NVDid:CVE-2011-0962

Trust: 0.5

db:PACKETSTORMid:101518

Trust: 0.5

sources: BID: 47901 // PACKETSTORM: 101518 // EXPLOIT-DB: 35765 // EDBNET: 57167

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2011-0959

Trust: 2.1

url:https://www.securityfocus.com/bid/47901/info

Trust: 1.0

url:https://www.exploit-db.com/exploits/35765/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2011-0962

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2011-0960

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2011-0961

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2011-0966

Trust: 0.5

url:https://www.exploit-db.com/exploits/35766

Trust: 0.3

url:https://www.exploit-db.com/exploits/35764

Trust: 0.3

url:https://www.exploit-db.com/exploits/35763

Trust: 0.3

url:https://www.exploit-db.com/exploits/35765

Trust: 0.3

url:https://www.exploit-db.com/exploits/35762

Trust: 0.3

url:http://www.cisco.com/en/us/products/ps6535/index.html

Trust: 0.3

url:http://www.senseofsecurity.com.au/advisories/sos-11-006.pdf

Trust: 0.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=23085

Trust: 0.3

url:http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html

Trust: 0.3

sources: BID: 47901 // PACKETSTORM: 101518 // EXPLOIT-DB: 35765 // EDBNET: 57167

SOURCES

db:BIDid:47901
db:PACKETSTORMid:101518
db:EXPLOIT-DBid:35765
db:EDBNETid:57167

LAST UPDATE DATE

2022-07-27T09:19:18.032000+00:00


SOURCES UPDATE DATE

db:BIDid:47901date:2011-05-18T00:00:00

SOURCES RELEASE DATE

db:BIDid:47901date:2011-05-18T00:00:00
db:PACKETSTORMid:101518date:2011-05-18T14:17:13
db:EXPLOIT-DBid:35765date:2011-06-18T00:00:00
db:EDBNETid:57167date:2011-06-18T00:00:00