CVE-2007-5582

Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsk69289
http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml	Patch
http://www.securityfocus.com/bid/26708
http://securitytracker.com/id?1019043
http://secunia.com/advisories/27902
http://securityreason.com/securityalert/3449
http://www.vupen.com/english/advisories/2007/4102
https://exchange.xforce.ibmcloud.com/vulnerabilities/38862
http://www.securityfocus.com/archive/1/484609/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:ciscoworks_server:*:*:*:*:*:*:*:*

Information

Published : 2007-12-14 17:46

Updated : 2018-10-15 14:45

NVD link : CVE-2007-5582

Mitre link : CVE-2007-5582

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

Products Affected

cisco

ciscoworks_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/", "name": "http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/", "tags": [], "refsource": "MISC"}, {"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsk69289", "name": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsk69289", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml", "name": "20071205 CiscoWorks Server XSS Vulnerability", "tags": ["Patch"], "refsource": "CISCO"}, {"url": "http://www.securityfocus.com/bid/26708", "name": "26708", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1019043", "name": "1019043", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/27902", "name": "27902", "tags": [], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/3449", "name": "3449", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2007/4102", "name": "ADV-2007-4102", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38862", "name": "ciscoworks-cs-loginpage-xss(38862)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/484609/100/0/threaded", "name": "20071205 Advisory: Cross Site Scripting in CiscoWorks", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-5582", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2007-12-15T01:46Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.6"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-15T21:45Z"}