| Vulnerability Name: | CVE-2012-5990 (CCN-86886) | ||||||||
| Assigned: | 2012-11-21 | ||||||||
| Published: | 2013-09-03 | ||||||||
| Updated: | 2013-09-06 | ||||||||
| Summary: | Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud18375. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2012-5990 Source: CCN Type: SA54696 Cisco Prime Network Control System (NCS) Health Monitor Login Page Cross-Site Scripting Vulnerability Source: CCN Type: Cisco Web site Cisco Prime Network Control System Series Appliances Source: CCN Type: US-CERT VU#830316 Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) vulnerable to cross-site scripting (XSS) Source: CERT-VN Type: US Government Resource VU#830316 Source: CCN Type: BID-62143 Multiple Cisco Products CVE-2012-5990 Cross Site Scripting Vulnerability Source: XF Type: UNKNOWN cisco-ncs-cve20125990-xss(86886) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||