CVE-2010-2986

Cisco WCS <6.0.194.0-7.0.164 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288.

References (5)

[Vendor Advisory] http://secunia.com/advisories/40827

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/512878/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/42216

[Exploit] http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt

[Release Notes] http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html

Scores

EPSS 0.0034

EPSS Percentile 56.4%

Classification

CWE

CWE-79

Status published

Affected Products (39)

cisco/wireless_control_system_software < 6.0.188.0

cisco/wireless_control_system_software

cisco/wireless_control_system_software

cisco/wireless_control_system_software

cisco/wireless_control_system_software

cisco/wireless_control_system_software

cisco/wireless_control_system_software

cisco/wireless_control_system_software

cisco/wireless_control_system_software

cisco/wireless_control_system_software

cisco/wireless_control_system_software

cisco/wireless_control_system_software

cisco/wireless_control_system_software

cisco/wireless_control_system_software

cisco/wireless_control_system_software

... and 24 more

Timeline

Published Aug 10, 2010

Tracked Since Feb 18, 2026