CVE-2011-0961
Ciscoworks Common Services < 3.3 - XSS
Title source: ruleDescription
Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by Sense of Security · textremotewindows
https://www.exploit-db.com/exploits/17304
exploitdb
WORKING POC
VERIFIED
by Sense of Security · textremotehardware
https://www.exploit-db.com/exploits/35779
References (6)
Scores
EPSS
0.1490
EPSS Percentile
94.4%
Classification
CWE
CWE-79
Status
published
Affected Products (12)
cisco/ciscoworks_common_services
< 3.3
cisco/ciscoworks_common_services
cisco/ciscoworks_common_services
cisco/ciscoworks_common_services
cisco/ciscoworks_common_services
cisco/ciscoworks_common_services
cisco/ciscoworks_common_services
cisco/ciscoworks_common_services
cisco/ciscoworks_common_services
cisco/ciscoworks_common_services
cisco/ciscoworks_common_services
n/a/n/a
Timeline
Published
May 20, 2011
Tracked Since
Feb 18, 2026