CVE-2006-1960
Cisco Wireless LAN Solution Engine < 2.13 - Cross-Site Scripting via archiveApplyDisplay.jsp displayMsg Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-1960. PoCs published by Adam Pointon.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in CiscoWorks Wireless LAN Solution Engine (WLSE) by injecting a malicious script into the 'displayMsg' parameter, which steals the user's session cookie.
Description
Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in CiscoWorks Wireless LAN Solution Engine (WLSE) by injecting a malicious script into the 'displayMsg' parameter, which steals the user's session cookie.