CVE-2008-3821

Cisco IOS 11.0-12.4 - Cross-Site Scripting via HTTP Server URI Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3821. PoCs published by Adrian Pastor.

AI-analyzed exploit summary: The provided text describes a cross-site scripting (XSS) vulnerability in Cisco IOS HTTP Server, where user-supplied input is not properly sanitized. It includes a proof-of-concept URL demonstrating the vulnerability.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Adrian Pastor · text · remote · hardware
https://www.exploit-db.com/exploits/32723


Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Cisco IOS HTTP Server
No auth needed
Prerequisites: Access to the vulnerable Cisco IOS HTTP Server
devstral-2 · analyzed Feb 16, 2026

References (12)

Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN28344798/index.html
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/51393
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1021598
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4916
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33260
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47947
Not Applicable vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0138
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33461
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/51394
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/500063/100/0/threaded

Scores

EPSS 0.0545
EPSS Percentile 91.7%

Details

CWE: CWE-79
Status: published
Products (50)
cisco/ios 12.0
cisco/ios 12.0da
cisco/ios 12.0db
cisco/ios 12.0dc
cisco/ios 12.0s
cisco/ios 12.0sc
cisco/ios 12.0sl
cisco/ios 12.0sp
cisco/ios 12.0st
cisco/ios 12.0sx
... and 40 more
Published Jan 16, 2009
Tracked Since Feb 18, 2026