19 March 2007, 13:25

XSS vulnerability in Cisco's online help system

In a security response, Cisco has released details of a cross-site scripting vulnerability in its online help, included in numerous Cisco software products. The bug lies in the search function, PreSearch.html / PreSearch.class, which fails to filter the content entered. Using a prepared link, an attacker could execute JavaScript in the user's web browser if the user follows the particular link. The vendor does not elucidate what the consequences of this might be for the relevant software.

Numerous products are affected, including the VPN client, IP Communicator, CallManager and Secure Access Control Server. The security response from Cisco provides a full overview. No update is available - Cisco suggests deleting or renaming the PreSearch.html or PreSearch.class files.

Channels

Services

XSS vulnerability in Cisco's online help system

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit