Cisco » 8500 Wireless Lan Controller : Security Vulnerabilities, CVEs, Published In 2012
Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992.
Max CVSS
4.3
EPSS Score
0.16%
Published
2012-12-19
Updated
2013-01-30
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.
Max CVSS
6.8
EPSS Score
0.15%
Published
2012-12-19
Updated
2013-01-30
screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request, aka Bug ID CSCud50209.
Max CVSS
6.3
EPSS Score
0.10%
Published
2012-12-19
Updated
2013-01-30
3 vulnerabilities found