CVE ID:	CVE-2008-3821
Description:	Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3821 Bugtraq: 20090114 PR08-19: XSS on Cisco IOS HTTP Server (Google Search) http://www.securityfocus.com/archive/1/archive/1/500063/100/0/threaded http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19 Cisco Security Advisory: 20090114 Cisco IOS Cross-Site Scripting Vulnerabilities http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html http://jvn.jp/en/jp/JVN28344798/index.html BugTraq ID: 33260 http://www.securityfocus.com/bid/33260 http://www.vupen.com/english/advisories/2009/0138 http://osvdb.org/51393 http://osvdb.org/51394 http://securitytracker.com/id?1021598 http://secunia.com/advisories/33461 http://securityreason.com/securityalert/4916 XForce ISS Database: cisco-ios-httpserver-ping-xss(47947) http://xforce.iss.net/xforce/xfdb/47947

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: