CVE-2011-0962

Cisco Unified Operations Manager < 8.6 - Cross-Site Scripting via Tag Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-0962. PoCs published by Sense of Security.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Cisco Unified Operations Manager, including blind SQL injection, reflected XSS, and directory traversal. It provides specific exploit paths and technical details for each CVE.

Description

Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Sense of Security · textremotewindows

https://www.exploit-db.com/exploits/17304

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in Cisco Unified Operations Manager, including blind SQL injection, reflected XSS, and directory traversal. It provides specific exploit paths and technical details for each CVE.

Classification

Writeup 100%

Attack Type

Sqli | Xss | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Cisco Unified Operations Manager 8.0 and 8.5

Auth required

Prerequisites: Authenticated access to the target system

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Sense of Security · textremotehardware

https://www.exploit-db.com/exploits/35780

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager. It includes a proof-of-concept URL demonstrating the vulnerability but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Cisco Unified Operations Manager versions prior to 8.6

No auth needed

Prerequisites: Access to a vulnerable Cisco Unified Operations Manager instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Various Sources x_refsource_confirm

http://tools.cisco.com/security/center/viewAlert.x?alertId=23087

Exploit, URL Repurposed x_refsource_misc

http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf

Exploit mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/17304

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/67524

Scores

EPSS 0.0465

EPSS Percentile 90.6%

Details

CWE

CWE-79

Status published

Products (10)

cisco/unified_operations_manager 1.1

cisco/unified_operations_manager 2.0

cisco/unified_operations_manager 2.0.1

cisco/unified_operations_manager 2.0.2

cisco/unified_operations_manager 2.0.3

cisco/unified_operations_manager 2.1

cisco/unified_operations_manager 2.2

cisco/unified_operations_manager 2.3

cisco/unified_operations_manager 8.0

cisco/unified_operations_manager < 8.5

Published May 20, 2011

Tracked Since Feb 18, 2026