CVE-2011-0959

medium

Cisco

CVSS v3 Base Score

4.3

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Score

37.7%

Exploitation probability in 30 days

Top 3% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

None

Integrity

Availability

None

Published: May 20, 2011 (5472 days ago)

Last Modified: April 29, 2026

Vendor: Cisco

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.

CWE

CWE-79

Affected Products

cisco unified operations manager

References

🔗 archives.neohapsis.com 🔗 tools.cisco.com 🔗 www.exploit-db.com 🔗 www.senseofsecurity.com.au 🔗 exchange.xforce.ibmcloud.com

CVE-2011-0959

Vulnerability Report

Description

CWE

Affected Products

References