CVE-2008-2165

Cisco Building Broadband Service Manager - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

References (8)

[Vendor Advisory] http://secunia.com/advisories/30222

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42395

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/492043/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/492093/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29191

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1020018

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1535

[Third Party Advisory] http://securityreason.com/securityalert/3895

Scores

EPSS 0.0052

EPSS Percentile 66.6%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

cisco/building_broadband_service_manager

Timeline

Published May 16, 2008

Tracked Since Feb 18, 2026