Cross-Site Scripting Vulnerability in Cisco Wireless LAN Controller
CVE-2015-0690

Currently unrated

Key Information:

Vendor: Cisco
Status: Wireless Lan Controller Software
Vendor: CVE Published:; 7 April 2015

Summary

A cross-site scripting vulnerability exists within the HTML help system on Cisco Wireless LAN Controller devices that are running versions prior to 8.0. This weakness allows remote attackers to execute arbitrary web scripts or HTML by crafting specific URLs. Exploiting this vulnerability could lead to unauthorized actions taken on behalf of users, compromising the integrity of user sessions and sensitive data.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1032024

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Apr 7, 2015
Vulnerability Reserved
Jan 7, 2015