Computer Security
[EN] securityvulns.ru no-pyccku


Cisco Wireless Control System crossite scripting
updated since 09.08.2010
Published:11.08.2010
Source:
SecurityVulns ID:11043
Type:remote
Threat Level:
5/10
Description:Crossite scripting and SQL injection in Web interface.
Affected:CISCO : Wireless Control System 6.0
CVE:CVE-2010-2826 (SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019.)
Original documentdocumentCISCO, Cisco Security Advisory: SQL Injection Vulnerability in Cisco Wireless Control System (11.08.2010)
 documentTom Neaves, Cisco Wireless Control System XSS (09.08.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod