TITLE:
Cisco Multiple Products Online Help System Cross-Site Scripting

SECUNIA ADVISORY ID:
SA24499

VERIFY ADVISORY:
http://secunia.com/advisories/24499/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

OPERATING SYSTEM:
Cisco 2000 Series Wireless LAN Controller
http://secunia.com/product/6035/
Cisco Unified Videoconferencing 3500 Series Products
http://secunia.com/product/13671/
Cisco Secure ACS Solution Engine 4.x
http://secunia.com/product/13658/

SOFTWARE:
CiscoWorks Monitoring Center for Security 1.x
http://secunia.com/product/5603/
CiscoWorks Management Center for IPS Sensors (IPSMC) 2.x
http://secunia.com/product/6025/
CiscoWorks Internetwork Performance Monitor (IPM) 2.x
http://secunia.com/product/11850/
CiscoWorks Common Services Software 3.x
http://secunia.com/product/6330/
CiscoWorks Common Services Software 2.x
http://secunia.com/product/2266/
CiscoWorks Common Services Software 1.x
http://secunia.com/product/2267/
CiscoWorks Campus Manager 4.x
http://secunia.com/product/11849/
CiscoWorks Campus Manager 3.x
http://secunia.com/product/11848/
Cisco WAN Manager (CWM) 15.x
http://secunia.com/product/13672/
Cisco WAN Manager (CWM) 12.x
http://secunia.com/product/13673/
Cisco WAN Manager (CWM) 11.x
http://secunia.com/product/13674/
Cisco WAN Manager (CWM) 10.x
http://secunia.com/product/13675/
Cisco VPN Client 2.x
http://secunia.com/product/123/
Cisco VPN 5000 Client 5.x
http://secunia.com/product/259/
Cisco Unified Video Advantage 2.x
http://secunia.com/product/13668/
Cisco Unified Personal Communicator 1.x
http://secunia.com/product/13660/
Cisco Unified MeetingPlace Express 2.x
http://secunia.com/product/13664/
Cisco Unified MeetingPlace Express 1.x
http://secunia.com/product/13665/
Cisco Unified MeetingPlace 6.x
http://secunia.com/product/13663/
Cisco Unified MeetingPlace 5.x
http://secunia.com/product/13661/
Cisco Unified MeetingPlace 4.x
http://secunia.com/product/13662/
Cisco Unified CallManager 5.x
http://secunia.com/product/11019/
Cisco Unified CallManager 4.x
http://secunia.com/product/5363/
Cisco Secure ACS 4.x
http://secunia.com/product/10635/
Cisco IP Communicator 2.x
http://secunia.com/product/13667/
Cisco IP Communicator 1.x
http://secunia.com/product/13666/
Cisco Catalyst 6500 Series Network Analysis Module (NAM-1/NAM-2)
http://secunia.com/product/2272/
Cisco CallManager 5.x
http://secunia.com/product/12535/
Cisco CallManager 4.x
http://secunia.com/product/12534/
Cisco CallManager 3.x
http://secunia.com/product/2805/
CiscoWorks Monitoring Center for Security 2.x
http://secunia.com/product/5604/
Cisco Router and Security Device Manager (SDM)
http://secunia.com/product/13676/

DESCRIPTION:
A vulnerability has been reported in various Cisco products, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Input passed to the search code of PreSearch.html or PreSearch.class
(depending on software or device) is not properly sanitised before
being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in the
context of the affected software or device.

SOLUTION:
If possible, the vendor recommends deleting or renaming the
PreSearch.html and PreSearch.class files.

PROVIDED AND/OR DISCOVERED BY:
Independently discovered by Erwin Paternotte from Fox-IT and Cassio
Goldschmidt.

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sr-20070315-xss.shtml

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
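
The SOLUTION above (delete or rename PreSearch.html and PreSearch.class) as a script; this is an added example, not code from Secunia or Cisco. The directory to scan is supplied by the operator as an assumption, since the advisory gives no per-product paths, and the .disabled suffix and function names are arbitrary choices.

```shell
#!/bin/sh
# Added example: locate and rename the help-search files named in the advisory.
# ROOT (the install or web-root directory to scan) is an assumption supplied by
# the operator; the advisory does not list per-product paths.

# list_presearch ROOT: print every PreSearch.html / PreSearch.class under ROOT.
# Run this first to review what would be touched.
list_presearch() {
    find "$1" -type f \( -name 'PreSearch.html' -o -name 'PreSearch.class' \) -print
}

# disable_presearch ROOT: rename each match to <name>.disabled and print the
# number of files renamed. An existing .disabled copy is never overwritten.
# File names containing newlines are not supported.
disable_presearch() {
    root=$1
    renamed=0
    # Use a temp file so the loop runs in this shell and the counter survives.
    list=$(mktemp) || return 1
    list_presearch "$root" > "$list"
    while IFS= read -r f; do
        if [ -e "$f.disabled" ]; then
            echo "skip (target exists): $f" >&2
            continue
        fi
        mv -- "$f" "$f.disabled" && renamed=$((renamed + 1))
    done < "$list"
    rm -f "$list"
    echo "$renamed"
}

# Usage (hypothetical path):
#   list_presearch /path/to/product/help
#   disable_presearch /path/to/product/help
```

Renaming keeps the original files available for restoring once a vendor-supplied fix is installed; a second run reports 0 because nothing named PreSearch.html or PreSearch.class remains.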