CVE-2010-2986

Currently unrated

Key Information:

Vendor: Cisco
Status: Wireless Control System Software
Vendor: CVE Published:; 10 August 2010

Summary

Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288.

References

http://www.securityfocus.com/bid/42216

vdb-entryx_refsource_BID

http://www.tomneaves.com/Cisco_Wireless_Control_System_XS...

x_refsource_MISC

http://www.cisco.com/en/US/docs/wireless/controller/relea...

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 10, 2010
Vulnerability Reserved
Aug 9, 2010