Cross-Site Scripting Vulnerability in Cisco Wireless LAN Controller
CVE-2012-6007

Currently unrated

Key Information:

Vendor: Cisco
Status: Wireless Lan Controller Software; 2000 Wireless Lan Controller; 2100 Wireless Lan Controller; 2500 Wireless Lan Controller
Vendor: CVE Published:; 19 December 2012

Summary

A cross-site scripting (XSS) vulnerability exists in the screens/base/web_auth_custom.html file on Cisco Wireless LAN Controller (WLC) devices running version 7.2.110.0. This flaw allows remote authenticated users to inject arbitrary web scripts or HTML through the malicious manipulation of the headline parameter. This issue is tracked as Bug ID CSCud65187. It is crucial for users of affected products to implement precautions to mitigate the risk of exploiting this vulnerability.

References

http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-a...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 19, 2012