Description
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Adrian Pastor · text · remote · hardware
https://www.exploit-db.com/exploits/32723
References (12)
Core References
http://jvn.jp/en/jp/JVN28344798/index.html (Third Party Advisory, VDB Entry; third-party-advisory; x_refsource_jvn)
http://osvdb.org/51393 (Broken Link; vdb-entry; x_refsource_osvdb)
http://securitytracker.com/id?1021598 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack)
http://securityreason.com/securityalert/4916 (Third Party Advisory; third-party-advisory; x_refsource_sreason)
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19 (Exploit; x_refsource_misc)
http://www.securityfocus.com/bid/33260 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47947 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_xf)
http://www.vupen.com/english/advisories/2009/0138 (Not Applicable; vdb-entry; x_refsource_vupen)
http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html (Vendor Advisory; vendor-advisory; x_refsource_cisco)
http://secunia.com/advisories/33461 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://osvdb.org/51394 (Broken Link; vdb-entry; x_refsource_osvdb)
http://www.securityfocus.com/archive/1/500063/100/0/threaded (Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq)
Scores
EPSS: 0.0893
EPSS Percentile: 92.6%
Details
CWE: CWE-79
Status: published
Products (50)
cisco/ios 12.0
cisco/ios 12.0da
cisco/ios 12.0db
cisco/ios 12.0dc
cisco/ios 12.0s
cisco/ios 12.0sc
cisco/ios 12.0sl
cisco/ios 12.0sp
cisco/ios 12.0st
cisco/ios 12.0sx
... and 40 more
Published: Jan 16, 2009
Tracked Since: Feb 18, 2026