CVE-2006-3289

medium

Description

Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL".

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27441

http://www.vupen.com/english/advisories/2006/2583

http://www.securityfocus.com/bid/18701

http://www.osvdb.org/26880

http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml

http://securitytracker.com/id?1016398

http://secunia.com/advisories/20870

Details

Source: Mitre, NVD

Published: 2006-06-28

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00496