CVE-2010-2986
N/A
N/A
Summary
Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/42216
- http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt
- http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html
- http://www.securityfocus.com/archive/1/512878/100/0/threaded
- http://secunia.com/advisories/40827
References
- http://www.securityfocus.com/bid/42216
- http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt
- http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html
- http://www.securityfocus.com/archive/1/512878/100/0/threaded
- http://secunia.com/advisories/40827
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.