Guest

Preview Tool

Cisco Bug: CSCun95178 - DOM CSS report on help page

Last Modified

Nov 20, 2018

Products (1)

  • Cisco 5500 Series Wireless Controllers

Known Affected Releases

7.4(121.0) 7.6(100.0) 8.0(72.140)

Description (partial)

Symptoms:
Cisco Wireless LAN Controller (WLC) devices contain a document object model (DOM) based cross-site scripting vulnerability within the HTML help system.  An unauthenticated, 
remote attacker that can convince a user of an affected system to follow a malicious link or visit an attacker controlled web-page may gain the ability to execute arbitrary HTML or 
script code within the security context of the affected site.

Conditions:
Cisco WLC devices running versions of WLC software prior to 8.0.

Related Community Discussions

Cross site scripting known release?
Hi everyone. Does anyone know whether Cisco has already released a version that has a solution for CSS vulnerability? I have checked the link &quot;https://tools.cisco.com/bugsearch/bug/<key>CSCun95178</key>&quot;, but I still don't see any Known Fixed Releases. Is version 8.0.115.0 affected? I would appreciate any answer, since our customer is asking for a solution to this vulnerability. Thanks.
Latest activity: May 06, 2015
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.