Description
Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by Sense of Security · textremotewindows
https://www.exploit-db.com/exploits/17304
exploitdb
WORKING POC
VERIFIED
by Sense of Security · textremotehardware
https://www.exploit-db.com/exploits/35779
References (6)
Core 6
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/47902
Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewAlert.x?alertId=23088
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/67523
Exploit, URL Repurposed x_refsource_misc
http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf
Exploit mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/17304
Scores
EPSS
0.1490
EPSS Percentile
94.6%
Details
CWE
CWE-79
Status
published
Products (11)
cisco/ciscoworks_common_services
1.0
cisco/ciscoworks_common_services
2.2
cisco/ciscoworks_common_services
3.0
cisco/ciscoworks_common_services
3.0.3
cisco/ciscoworks_common_services
3.0.4
cisco/ciscoworks_common_services
3.0.5
cisco/ciscoworks_common_services
3.0.6
cisco/ciscoworks_common_services
3.1
cisco/ciscoworks_common_services
3.1.1
cisco/ciscoworks_common_services
3.2
... and 1 more
Published
May 20, 2011
Tracked Since
Feb 18, 2026