CVE-2011-0959
Cisco Unified Operations Manager < 8.5 - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
Exploits (6)
exploitdb
WRITEUP
VERIFIED
by Sense of Security · textremotewindows
https://www.exploit-db.com/exploits/17304
exploitdb
WORKING POC
VERIFIED
by Sense of Security · textremotehardware
https://www.exploit-db.com/exploits/35766
exploitdb
WORKING POC
VERIFIED
by Sense of Security · textremotehardware
https://www.exploit-db.com/exploits/35765
exploitdb
WRITEUP
VERIFIED
by Sense of Security · textremotehardware
https://www.exploit-db.com/exploits/35762
exploitdb
WORKING POC
VERIFIED
by Sense of Security · textremotehardware
https://www.exploit-db.com/exploits/35763
exploitdb
WRITEUP
VERIFIED
by Sense of Security · textremotehardware
https://www.exploit-db.com/exploits/35764
References (5)
Scores
EPSS
0.3769
EPSS Percentile
97.2%
Classification
CWE
CWE-79
Status
published
Affected Products (11)
cisco/unified_operations_manager
< 8.5
cisco/unified_operations_manager
cisco/unified_operations_manager
cisco/unified_operations_manager
cisco/unified_operations_manager
cisco/unified_operations_manager
cisco/unified_operations_manager
cisco/unified_operations_manager
cisco/unified_operations_manager
cisco/unified_operations_manager
n/a/n/a
Timeline
Published
May 20, 2011
Tracked Since
Feb 18, 2026