Cross-Site Scripting Vulnerability in Cisco Wireless Control System
CVE-2006-3289

Currently unrated

Key Information:

Vendor: Cisco
Status: Wireless Control System
Vendor: CVE Published:; 28 June 2006

Summary

A cross-site scripting (XSS) vulnerability exists in the login page of the HTTP interface for Cisco Wireless Control System (WCS) for Linux and Windows. This issue allows remote attackers to inject arbitrary web scripts or HTML through unspecified vectors, particularly via a malicious URL. Such vulnerabilities can lead to stolen credentials, session hijacking, and the potential for further exploitation of the affected system.

References

http://www.vupen.com/english/advisories/2006/2583

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/20870

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/27441

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jun 28, 2006
Vulnerability Reserved
Jun 28, 2006