---------- Forwarded message ----------
From: "SecuriTeam <[EMAIL PROTECTED]>"
Date: 2008-05-15 03:36:43
[EMAIL PROTECTED]
Subject: [NEWS] Cisco BBSM Captive Portal Cross-site Scripting

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

Cisco BBSM Captive Portal Cross-site Scripting

A non-persistent XSS vulnerability is present within the AccessCodeStart.asp page. A malicious user may leverage this to possibly gain access to client information in captive portal/hotspot locations using this software.

Example:
http://host/ekgnkm/AccessCodeStart.asp?msg=%3Cscript%3Ealert(%22XSS%22);%3C/script%3E

Patch Information:
Patch URL - http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=5.3&mdfid=278455427&sftType=Building Broadband Service Manager (BBSM) Updates&optPlat=&nodecount=2&edesignator=null&modelName=Cisco Building Broadband Service Manager 5.3&treeMdfId=281527126&treeName=Network Monitoring and Management
Download BBSMPatch5332.zip

CVE Information:
CVE-2008-2165

Additional Information:
The information has been provided by Brad Antoniewicz.
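
For operators reviewing web logs on an unpatched BBSM host, the following added example (not part of the SecuriTeam advisory or Cisco's patch) flags requests to AccessCodeStart.asp whose msg parameter decodes to HTML markup, and shows generic output encoding as one way to neutralise the reflected value. The "METHOD URL STATUS" log layout, the sample lines and all function names are assumptions made for illustration.

```python
import html
import re
from urllib.parse import unquote, urlsplit

TARGET_PAGE = "accesscodestart.asp"  # page named in the advisory
TARGET_PARAM = "msg"                 # parameter in the advisory's example URL
MARKUP = re.compile(r'[<>"]')        # characters that can break out of HTML text

# Constructed sample lines in an assumed "METHOD URL STATUS" layout.
SAMPLE_LOG = [
    "GET /ekgnkm/AccessCodeStart.asp?msg=Invalid+access+code 200",
    "GET /ekgnkm/AccessCodeStart.asp?msg=%3Cscript%3Ealert(%22XSS%22);%3C/script%3E 200",
    "GET /ekgnkm/AccessCodeStart.asp?msg=%253Cb%253Ehi%253C%252Fb%253E 200",
    "GET /ekgnkm/Other.asp?msg=%3Cb%3E 200",
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also caught."""
    value = value.replace("+", " ")
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (line_number, decoded_msg) for msg values carrying markup."""
    hits = []
    for number, line in enumerate(lines, start=1):
        parts = line.split()
        if len(parts) < 2:
            continue
        url = urlsplit(parts[1])
        if not url.path.lower().endswith("/" + TARGET_PAGE):
            continue
        # Split on "&" only: the advisory's payload contains ";".
        for pair in url.query.split("&"):
            key, _, raw = pair.partition("=")
            if key.lower() == TARGET_PARAM:
                decoded = fully_decode(raw)
                if MARKUP.search(decoded):
                    hits.append((number, decoded))
    return hits

def render_safely(msg):
    """HTML-encode the message (generic mitigation, not Cisco's patch)."""
    return html.escape(msg, quote=True)

if __name__ == "__main__":
    for number, msg in suspicious_requests(SAMPLE_LOG):
        print(number, repr(msg), "->", render_safely(msg))
```
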

