VULHUB ™

BUGTRAQ ID: 29191 CVE(CAN) ID: CVE-2008-2165 Cisco Building Broadband Service Manager（BBSM）是基于软件的服务创建平台，可为政府部门提供高度自动化的、非常方便的宽带服务方法。 Cisco BBSM的AccessCodeStart.asp页面没有正确地过滤对msg参数的输入便返回给了用户，这允许远程攻击者通过提交恶意URL请求执行跨站脚本攻击，导致在用户浏览器会话中执行任意HTML和脚本代码。 Cisco BBSM 5.3 Cisco ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href=http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=5.3&amp;mdfid=278455427&amp;sftType=Building%20Broadband%20Service%20Manager%20(BBSM)%20Updates&amp;optPlat=&amp;nodecount=2&amp;edesignator=null&amp;modelName=Cisco%20Building%20Broadband%20Service%20Manager%205.3&amp;treeMdfId=281527126&amp;treeName=Network%20Monitoring%20and%20Management...

BUGTRAQ ID: 29191 CVE(CAN) ID: CVE-2008-2165 Cisco Building Broadband Service Manager（BBSM）是基于软件的服务创建平台，可为政府部门提供高度自动化的、非常方便的宽带服务方法。 Cisco BBSM的AccessCodeStart.asp页面没有正确地过滤对msg参数的输入便返回给了用户，这允许远程攻击者通过提交恶意URL请求执行跨站脚本攻击，导致在用户浏览器会话中执行任意HTML和脚本代码。 Cisco BBSM 5.3 Cisco ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href=http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=5.3&amp;mdfid=278455427&amp;sftType=Building%20Broadband%20Service%20Manager%20(BBSM)%20Updates&amp;optPlat=&amp;nodecount=2&amp;edesignator=null&amp;modelName=Cisco%20Building%20Broadband%20Service%20Manager%205.3&amp;treeMdfId=281527126&amp;treeName=Network%20Monitoring%20and%20Management target=_blank>http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=5.3&amp;mdfid=278455427&amp;sftType=Building%20Broadband%20Service%20Manager%20(BBSM)%20Updates&amp;optPlat=&amp;nodecount=2&amp;edesignator=null&amp;modelName=Cisco%20Building%20Broadband%20Service%20Manager%205.3&amp;treeMdfId=281527126&amp;treeName=Network%20Monitoring%20and%20Management</a>