Execution of arbitrary script code in the user's browser; possible temporary admin interface defacement; possible redirection of confidential information to unauthorized parties; possible cross-site request forgery to perform unauthorized administrative changes
* Cisco bug ID CSCsi13344 - XSS in IOS HTTP Server: special characters are not escaped in URL strings sent to the HTTP server.
(registered customers only)
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsi13344
* Cisco bug ID CSCsr72301 - XSS in IOS HTTP Server (ping parameter): special characters are not escaped in URL strings sent to the HTTP server via the ping parameter. The ping parameter is used both by external applications such as Router and Security Device Manager (SDM) and by a direct HTTP session to the Cisco IOS HTTP server. This vulnerability affects 12.1E based trains and all Cisco IOS releases after 12.2(13)T.
(registered customers only)
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsr72301
These vulnerabilities are independent of each other. For a full solution, download a Cisco IOS version that contains the fixes for both Cisco bug IDs. These vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-3821.
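The root cause named above for both bugs is the same: a value taken from the request URL (the ping parameter in CSCsr72301) is written back into the HTML page without escaping HTML-significant characters. The following Python is an added illustration, not Cisco code and not how IOS implements its HTTP server; the handler names, the `/exec/ping` path and the sample query string are constructed for the example. It shows the unescaped reflection pattern beside the hardened form, plus a small check a reviewer or test suite can run against a renderer to confirm markup from the parameter never reaches the page verbatim.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a ping target followed by percent-encoded markup.
# parse_qs decodes it to: 10.0.0.1<i>injected</i>
SAMPLE_QUERY = "ping=10.0.0.1%3Ci%3Einjected%3C%2Fi%3E"

# Characters that change meaning inside HTML text or quoted attributes.
HTML_SPECIAL = set('<>"\'&')


def get_ping(query: str) -> str:
    """Extract the decoded 'ping' parameter from a query string (empty if absent)."""
    params = parse_qs(urlsplit("/exec/ping?" + query).query, keep_blank_values=True)
    return params.get("ping", [""])[0]


def render_unescaped(query: str) -> str:
    """Vulnerable pattern: the raw parameter is interpolated into HTML text
    and into a quoted attribute, so any tag or quote in it becomes markup."""
    ping = get_ping(query)
    return (
        f"<h1>Ping result for {ping}</h1>"
        f"<input name='ping' value='{ping}'>"
    )


def render_escaped(query: str) -> str:
    """Hardened form: escape for the output context before interpolating.
    quote=True also encodes ' and ", which matters because the value lands
    inside a single-quoted attribute as well as in element text."""
    safe = html.escape(get_ping(query), quote=True)
    return (
        f"<h1>Ping result for {safe}</h1>"
        f"<input name='ping' value='{safe}'>"
    )


def reflects_raw_markup(render, query: str) -> bool:
    """Regression check for a renderer: True if the parameter contains
    HTML-significant characters and the page echoes it back verbatim.
    A value with no special characters is allowed to appear as-is."""
    value = get_ping(query)
    if not (HTML_SPECIAL & set(value)):
        return False
    return value in render(query)


if __name__ == "__main__":
    for name, fn in (("unescaped", render_unescaped), ("escaped", render_escaped)):
        print(f"{name}: reflects raw markup = {reflects_raw_markup(fn, SAMPLE_QUERY)}")
        print("  ", fn(SAMPLE_QUERY))
```

The check is deliberately per-context: `html.escape` with `quote=True` is correct for element text and quoted attribute values, which are the two sinks in this example. A value written into an unquoted attribute, a URL, or inline script needs a different encoder, so a renderer should be tested against each sink it actually has.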
Wednesday, January 14, 2009