CVE-2007-5582

Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:ciscoworks_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:38

Type Values Removed Values Added
References () http://secunia.com/advisories/27902 - () http://secunia.com/advisories/27902 -
References () http://securityreason.com/securityalert/3449 - () http://securityreason.com/securityalert/3449 -
References () http://securitytracker.com/id?1019043 - () http://securitytracker.com/id?1019043 -
References () http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsk69289 - () http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsk69289 -
References () http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml - Patch () http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml - Patch
References () http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/ - () http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/ -
References () http://www.securityfocus.com/archive/1/484609/100/0/threaded - () http://www.securityfocus.com/archive/1/484609/100/0/threaded -
References () http://www.securityfocus.com/bid/26708 - () http://www.securityfocus.com/bid/26708 -
References () http://www.vupen.com/english/advisories/2007/4102 - () http://www.vupen.com/english/advisories/2007/4102 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/38862 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/38862 -

Information

Published : 2007-12-15 01:46

Updated : 2024-11-21 00:38


NVD link : CVE-2007-5582

Mitre link : CVE-2007-5582

CVE.ORG link : CVE-2007-5582


JSON object : View

Products Affected

cisco

  • ciscoworks_server
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')