Cisco Router and Security Device Manager Unspecified Cross Site Scripting Vulnerability
BID:40174
Info
Cisco Router and Security Device Manager Unspecified Cross Site Scripting Vulnerability
| Bugtraq ID: | 40174 |
| Class: | Input Validation Error |
| CVE: |
CVE-2010-0594 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 08 2010 12:00AM |
| Updated: | May 14 2010 06:01PM |
| Credit: | JVN |
| Vulnerable: |
Cisco Router and Security Device Manager (SDM) 0 |
| Not Vulnerable: | |
Discussion
Cisco Router and Security Device Manager Unspecified Cross Site Scripting Vulnerability
Cisco Router and Security Device Manager (SDM) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
This issue is being tracked by Cisco Bugid CSCtb38467.
Cisco Router and Security Device Manager (SDM) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
This issue is being tracked by Cisco Bugid CSCtb38467.
Exploit / POC
Cisco Router and Security Device Manager Unspecified Cross Site Scripting Vulnerability
Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
Cisco Router and Security Device Manager Unspecified Cross Site Scripting Vulnerability
Solution:
Reports indicate that this issue has been fixed. Please see the references for more information.
Solution:
Reports indicate that this issue has been fixed. Please see the references for more information.
References
Cisco Router and Security Device Manager Unspecified Cross Site Scripting Vulnerability
References:
References: