CVE Vulnerability

CVE-2007-5582

Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsk69289
http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml Patch
http://www.securityfocus.com/bid/26708
http://securitytracker.com/id?1019043
http://secunia.com/advisories/27902
http://securityreason.com/securityalert/3449
http://www.vupen.com/english/advisories/2007/4102
https://exchange.xforce.ibmcloud.com/vulnerabilities/38862
http://www.securityfocus.com/archive/1/484609/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:cisco:ciscoworks_server:*:*:*:*:*:*:*:*
Information

Published : 2007-12-15 01:46

Updated : 2018-10-15 09:45

NVD link : CVE-2007-5582

Mitre link : CVE-2007-5582

Products Affected
No products.
CWE
CWE-79