Vulnerability Details CVE-2009-0470
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.05
EPSS Ranking 89.3%
CVSS Severity
CVSS v2 Score 4.3
References