{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-05-18T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"}, {"tags": ["x_refsource_MISC"], "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"}, {"name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"}, {"name": "17304", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/17304"}, {"name": "cisco-uom-multiple-xss(67521)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2011-0959", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085", "refsource": "CONFIRM", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"}, {"name": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf", "refsource": "MISC", "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"}, {"name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"}, {"name": "17304", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/17304"}, {"name": "cisco-uom-multiple-xss(67521)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:14:26.542Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"}, {"name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"}, {"name": "17304", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/17304"}, {"name": "cisco-uom-multiple-xss(67521)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2011-0959", "datePublished": "2011-05-20T22:00:00", "dateReserved": "2011-02-10T00:00:00", "dateUpdated": "2024-08-06T22:14:26.542Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_operations_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "690FA80D-A157-4D4E-980D-C9AA0009D853", "versionEndIncluding": "8.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_operations_manager:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5510F4F-93C9-4722-97F5-37A05B48C23D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C73FD728-7A22-4248-B4DA-62AB2704A411", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DD2DF29A-4E30-442C-BB14-F22D955B112A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4CA03A21-13EF-476E-892B-D0A494779594", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "107A78CC-8943-4D33-BE60-CBFC72FE405D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "930EA844-7016-4EC3-833D-70D1B1DE6DA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5CA3DB6A-A1D4-4CB4-A62D-3269E27094D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "D63D2042-C271-4671-9858-2DE4709BAD19", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_operations_manager:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3BF00348-D8E9-4FC0-A6EA-7B16707441A3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Cisco Unified Operations Manager (CUOM) antes de v8.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) el par\u00e1metro extn de iptm/advancedfind.do, (2) el par\u00e1metro deviceInstanceName de iptm/ddv.do, el (3) cmd o (4) el par\u00e1metro group de iptm/eventmon, el par\u00e1metro (5) clusterName o (6) deviceName de iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, o el par\u00e1metro (7) ccmName o (8) clusterName de iptm/logicalTopo.do, tambi\u00e9n conocido como Bug ID CSCtn61716."}], "id": "CVE-2011-0959", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-05-20T22:55:02.907", "references": [{"source": "psirt@cisco.com", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"}, {"source": "psirt@cisco.com", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/17304"}, {"source": "psirt@cisco.com", "tags": ["Exploit", "URL Repurposed"], "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"}, {"source": "psirt@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/17304"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "URL Repurposed"], "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}