{"api_version":"1","generated_at":"2026-04-23T11:33:39+00:00","cve":"CVE-2006-3289","urls":{"html":"https://cve.report/CVE-2006-3289","api":"https://cve.report/api/cve/CVE-2006-3289.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-3289","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-3289"},"summary":{"title":"CVE-2006-3289","description":"Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a \"malicious URL\".","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-06-28 23:05:00","updated_at":"2017-07-20 01:32:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27441","name":"cisco-wcs-http-xss(27441)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20870","name":"20870","refsource":"SECUNIA","tags":[],"title":"Cisco Wireless Control System Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/2583","name":"ADV-2006-2583","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1016398","name":"1016398","refsource":"SECTRACK","tags":[],"title":"SecurityTracker.com Archives - Cisco Wireless Control System Lets Remote Users Read/Write Files, View Sensitive Information, Access the Systems, and Conduct Cross-Site Scripting Attacks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml","name":"20060628 Multiple Vulnerabilities in Wireless Control System","refsource":"CISCO","tags":["Patch"],"title":"Cisco - Networking, Cloud, and Cybersecurity Solutions","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/18701","name":"18701","refsource":"BID","tags":[],"title":"Cisco Wireless Control System Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.osvdb.org/26880","name":"26880","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-3289","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3289","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"3289","vulnerable":"1","versionEndIncluding":"3.2(51)","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cisco","cpe5":"wireless_control_system","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3289","vulnerable":"1","versionEndIncluding":"3.2\\(51\\)","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cisco","cpe5":"wireless_control_system","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-3289","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a \"malicious URL\"."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ADV-2006-2583","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2583"},{"name":"20870","refsource":"SECUNIA","url":"http://secunia.com/advisories/20870"},{"name":"cisco-wcs-http-xss(27441)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27441"},{"name":"20060628 Multiple Vulnerabilities in Wireless Control System","refsource":"CISCO","url":"http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml"},{"name":"26880","refsource":"OSVDB","url":"http://www.osvdb.org/26880"},{"name":"1016398","refsource":"SECTRACK","url":"http://securitytracker.com/id?1016398"},{"name":"18701","refsource":"BID","url":"http://www.securityfocus.com/bid/18701"}]}},"nvd":{"publishedDate":"2006-06-28 23:05:00","lastModifiedDate":"2017-07-20 01:32:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":2.6},"severity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:cisco:wireless_control_system:*:*:*:*:*:*:*:*","versionEndIncluding":"3.2\\(51\\)","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"3289","Ordinal":"18614","Title":"CVE-2006-3289","CVE":"CVE-2006-3289","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"3289","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a \"malicious URL\".","Type":"Description","Title":null},{"CveYear":"2006","CveId":"3289","Ordinal":"2","NoteData":"2006-06-28","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"3289","Ordinal":"3","NoteData":"2017-07-19","Type":"Other","Title":"Modified"}]}}}