Comments on: Advisory: Cross Site Scripting in CiscoWorks http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/ Bringing Fire To The Village: Your Source For Computer, Network & Information Security News from Dave Lewis, Security Blogger Sat, 11 Oct 2008 10:50:41 +0000 http://wordpress.org/?v=2.6.2 By: KATIRINA TRACY http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/#comment-68055 KATIRINA TRACY Mon, 18 Feb 2008 21:20:20 +0000 http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/#comment-68055 Guys....I need someone to train my client on a 1/2 day session on CiscoWorks LMS. The gig is up here in Northern New Jersey. Great way to make $1500 during a day off. Let me know if u know anyone or if you are interested. THX!!!!! Kat 201-505-9489 Guys….I need someone to train my client on a 1/2 day session on CiscoWorks LMS. The gig is up here in Northern New Jersey. Great way to make $1500 during a day off. Let me know if u know anyone or if you are interested. THX!!!!! Kat
201-505-9489

]]> By: בניית אתרים http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/#comment-67982 בניית אתרים Fri, 01 Feb 2008 12:38:10 +0000 http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/#comment-67982 i looked for this article couple of months thanks a lot i looked for this article couple of months
thanks a lot

]]> By: Dave Lewis http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/#comment-67859 Dave Lewis Fri, 04 Jan 2008 15:02:28 +0000 http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/#comment-67859 @Albert Thanks. Yes, this would require a Ciscoworks user to follow a specially crafted link that would be used to capture the aforementioned information. Beyond that I'm reticent to provide more information. I would suggest that you apply the patch that fixes this issue if that is an option. @Albert

Thanks. Yes, this would require a Ciscoworks user to follow a specially crafted link that would be used to capture the aforementioned information. Beyond that I’m reticent to provide more information. I would suggest that you apply the patch that fixes this issue if that is an option.

]]> By: Albert Yu http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/#comment-67858 Albert Yu Fri, 04 Jan 2008 14:52:36 +0000 http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/#comment-67858 Dave, Thanks for your contribution. Our company is also using Ciscoworks on windows platform so we would like to understand more about this possible XSS attack - Cross Site Scripting in CiscoWorks. If I understand correctly, the hackers will be able to obtain the cookies and username/passwords for the ciscoworks application without knowing any proper credential. The cross site script can be executed without any authentictaion required due to the vulnerability. Thanks for your clarification. Dave,

Thanks for your contribution. Our company is also using Ciscoworks on windows platform so we would like to understand more about this possible XSS attack - Cross Site Scripting in CiscoWorks. If I understand correctly, the hackers will be able to obtain the cookies and username/passwords for the ciscoworks application without knowing any proper credential. The cross site script can be executed without any authentictaion required due to the vulnerability.

Thanks for your clarification.

]]>