Description
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by Sense of Security · text · remote · windows
https://www.exploit-db.com/exploits/17304
exploitdb
WRITEUP
VERIFIED
by Sense of Security · text · remote · hardware
https://www.exploit-db.com/exploits/35780
References (5)
Core References
Various Sources x_refsource_confirm
http://tools.cisco.com/security/center/viewAlert.x?alertId=23087
Exploit, URL Repurposed x_refsource_misc
http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf
Exploit mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17304
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/67524
Scores
EPSS
0.0551
EPSS Percentile
90.3%
Details
CWE
CWE-79
Status
published
Products (10)
cisco/unified_operations_manager
1.1
cisco/unified_operations_manager
2.0
cisco/unified_operations_manager
2.0.1
cisco/unified_operations_manager
2.0.2
cisco/unified_operations_manager
2.0.3
cisco/unified_operations_manager
2.1
cisco/unified_operations_manager
2.2
cisco/unified_operations_manager
2.3
cisco/unified_operations_manager
8.0
cisco/unified_operations_manager
< 8.5
Published
May 20, 2011
Tracked Since
Feb 18, 2026