CVE-2010-2986

Name of the Vulnerable Software and Affected Versions Cisco Wireless Control System (WCS) versions prior to 6.0(194.0) Cisco Wireless Control System (WCS) versions 7.x prior to 7.0.164

Description A cross-site scripting (XSS) issue exists in the search feature of the web interface, allowing remote attackers to inject arbitrary web script or HTML via the searchText parameter.

Recommendations For versions prior to 6.0(194.0), update to version 6.0(194.0) or later. For versions 7.x prior to 7.0.164, update to version 7.0.164 or later. As a temporary workaround, consider restricting access to the web interface or avoiding the use of the searchText parameter in the vulnerable webacs/QuickSearchAction.do endpoint until a patch is available.