Cisco Bug: CSCvi91980 - GET to with injected data in request URL param results in resp with injected data

Last Modified

Aug 08, 2018

Products (1)

  • Headend System Releases

Known Affected Releases


Description (partial)

A GET request to /dncs/bfs/ with injected data in the siteName request URL parameter results in a response with the injected data.
EC returns 200 with the following in the Set-Cookie response header:
Set-Cookie: BACKUP_BAR="EC|/dncs/console/|Site \"'><IMG SRC=\"/WF_XSRF84105.html\">
And the following in the body:
<a href="../bfs/"'><IMG SRC="/WF_XSRF84105.html">" id="Site "'><IMG SRC="/WF_XSRF84105.html"> Broadcast File Server List URL">
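The two reflection points described above (the Set-Cookie header and the HTML attribute) each need their own encoding. The following is an added example, not Cisco's code or fix: the templates are assumptions modeled on the response quoted above, and the function names are hypothetical.

```python
import html
from urllib.parse import quote

# Injected siteName value as it appears in the response quoted above.
PAYLOAD = "\"'><IMG SRC=\"/WF_XSRF84105.html\">"

COOKIE_PREFIX = 'BACKUP_BAR="EC|/dncs/console/|Site '   # from the quoted header
ATTR_SUFFIX = ' Broadcast File Server List URL">'        # from the quoted body


def render_unsafe(site_name):
    """Models the reported behaviour: the raw value reaches both sinks."""
    cookie = COOKIE_PREFIX + site_name + '"'
    body = '<a href="../bfs/" id="Site ' + site_name + ATTR_SUFFIX
    return cookie, body


def render_safe(site_name):
    """Encodes per sink: percent-encoding for the cookie value,
    HTML escaping (including both quote characters) for the attribute."""
    # quote(..., safe="") also encodes CR/LF, so the value cannot split the header.
    cookie = COOKIE_PREFIX + quote(site_name, safe="") + '"'
    body = ('<a href="../bfs/" id="Site '
            + html.escape(site_name, quote=True) + ATTR_SUFFIX)
    return cookie, body


def reflected_raw(site_name, cookie, body):
    """True when a value containing markup metacharacters comes back
    unencoded in the header or the body (the symptom in this bug)."""
    has_meta = any(c in site_name for c in "\"'<>")
    return has_meta and (site_name in cookie or site_name in body)


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        cookie, body = render(PAYLOAD)
        print(render.__name__, "reflected raw:", reflected_raw(PAYLOAD, cookie, body))
        print("  Set-Cookie:", cookie)
        print("  body:", body)
```

The reflected_raw check can also be used as a regression test against a fixed release by feeding it the real response header and body instead of the modeled ones.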
