CVE-2012-6007

EUVD-2012-5881
Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
ciscowireless_lan_controller_software
7.2.110.0
cisco2000_wireless_lan_controller
*
cisco2100_wireless_lan_controller
*
cisco2500_wireless_lan_controller
-
cisco4100_wireless_lan_controller
*
cisco4400_wireless_lan_controller
*
cisco5500_wireless_lan_controller
-
cisco7500_wireless_lan_controller
-
cisco8500_wireless_lan_controller
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html
http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html