CVE-2006-3289 - Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wirel

CVE-2006-3289

Summary

Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL".

References

Vulnerable Configurations

cpe:2.3:h:cisco:wireless_control_system:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_control_system:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_control_system:3.2\(40\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_control_system:3.2\(40\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_control_system:3.2\(51\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_control_system:3.2\(51\):*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:P/A:N

refmap via4

bid	18701
cisco	20060628 Multiple Vulnerabilities in Wireless Control System
osvdb	26880
sectrack	1016398
secunia	20870
vupen	ADV-2006-2583
xf	cisco-wcs-http-xss(27441)

Last major update

20-07-2017 - 01:32

Published

28-06-2006 - 23:05

Last modified

20-07-2017 - 01:32