CVE-2011-0962

EUVD-2011-0974
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
ciscounified_operations_manager
𝑥
≤ 8.5
ciscounified_operations_manager
1.1
ciscounified_operations_manager
2.0
ciscounified_operations_manager
2.0.1
ciscounified_operations_manager
2.0.2
ciscounified_operations_manager
2.0.3
ciscounified_operations_manager
2.1
ciscounified_operations_manager
2.2
ciscounified_operations_manager
2.3
ciscounified_operations_manager
8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html
http://tools.cisco.com/security/center/viewAlert.x?alertId=23087
http://www.exploit-db.com/exploits/17304
http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/67524
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html
http://tools.cisco.com/security/center/viewAlert.x?alertId=23087
http://www.exploit-db.com/exploits/17304
http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/67524