CVE-2011-0962 Information

Description

Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter aka Bug ID CSCto12712.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html http://tools.cisco.com/security/center/viewAlert.x?alertId=23087 http://www.exploit-db.com/exploits/17304 http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/67524