Cross-Site Scripting Vulnerability in CiscoWorks Wireless LAN Solution Engine
CVE-2006-1960

Currently unrated

Key Information:

Vendor: Cisco
Status: Wireless Lan Solution Engine
Vendor: CVE Published:; 21 April 2006

What is CVE-2006-1960?

An XSS vulnerability exists in the web user interface of CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express that allows remote attackers to inject arbitrary web scripts or HTML. This can occur through the 'displayMsg' parameter in the 'archiveApplyDisplay.jsp' page, potentially compromising the security of the affected system.

References

http://www.assurance.com.au/advisories/200604-cisco.txt

x_refsource_MISC

http://www.securityfocus.com/bid/17604

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/431371/30/5490/thr...

mailing-listx_refsource_BUGTRAQ

EPSS Score

5% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2006
Vulnerability Reserved
Apr 21, 2006