Cross-Site Scripting Vulnerability in Cisco Scientific Atlanta Cable Modems
CVE-2012-3047

Currently unrated

Key Information:

Vendor: Cisco
Status: Scientific Atlanta Wag310g; Scientific Atlanta Epc2420; Scientific Atlanta Dpw700; Scientific Atlanta Dpx100\/120
Vendor: CVE Published:; 10 December 2013

Summary

An XSS vulnerability exists in the web-wizard setup page of Cisco Scientific Atlanta D20 and D30 cable modems, enabling remote attackers to inject arbitrary web scripts or HTML code. This could potentially lead to user data theft, session hijacking, or other malicious activities by exploiting unvalidated user input.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 10, 2013
Vulnerability Reserved
May 30, 2012