low
2.6
CWE
NVD-CWE-Other 79
Advisory Published
Updated

CVE-2005-3921: XSS

First published: Wed Nov 30 2005(Updated: )

Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Puppet Cisco IOS<=12.3
Puppet Cisco IOS=12.3\(1a\)
Puppet Cisco IOS=12.3\(2\)ja
Puppet Cisco IOS=12.3\(2\)ja5
Puppet Cisco IOS=12.3\(2\)jk
Puppet Cisco IOS=12.3\(2\)jk1
Puppet Cisco IOS=12.3\(2\)t3
Puppet Cisco IOS=12.3\(2\)t8
Puppet Cisco IOS=12.3\(2\)xa4
Puppet Cisco IOS=12.3\(2\)xa5
Puppet Cisco IOS=12.3\(2\)xc1
Puppet Cisco IOS=12.3\(2\)xc2
Puppet Cisco IOS=12.3\(2\)xc3
Puppet Cisco IOS=12.3\(2\)xc4
Puppet Cisco IOS=12.3\(2\)xe3
Puppet Cisco IOS=12.3\(2\)xe4
Puppet Cisco IOS=12.3\(3e\)
Puppet Cisco IOS=12.3\(3h\)
Puppet Cisco IOS=12.3\(3i\)
Puppet Cisco IOS=12.3\(4\)eo1
Puppet Cisco IOS=12.3\(4\)ja
Puppet Cisco IOS=12.3\(4\)ja1
Puppet Cisco IOS=12.3\(4\)t
Puppet Cisco IOS=12.3\(4\)t1
Puppet Cisco IOS=12.3\(4\)t2
Puppet Cisco IOS=12.3\(4\)t3
Puppet Cisco IOS=12.3\(4\)t4
Puppet Cisco IOS=12.3\(4\)t8
Puppet Cisco IOS=12.3\(4\)tpc11a
Puppet Cisco IOS=12.3\(4\)xd
Puppet Cisco IOS=12.3\(4\)xd1
Puppet Cisco IOS=12.3\(4\)xd2
Puppet Cisco IOS=12.3\(4\)xe4
Puppet Cisco IOS=12.3\(4\)xg1
Puppet Cisco IOS=12.3\(4\)xg2
Puppet Cisco IOS=12.3\(4\)xg4
Puppet Cisco IOS=12.3\(4\)xg5
Puppet Cisco IOS=12.3\(4\)xh
Puppet Cisco IOS=12.3\(4\)xk
Puppet Cisco IOS=12.3\(4\)xk1
Puppet Cisco IOS=12.3\(4\)xk3
Puppet Cisco IOS=12.3\(4\)xk4
Puppet Cisco IOS=12.3\(4\)xq
Puppet Cisco IOS=12.3\(4\)xq1
Puppet Cisco IOS=12.3\(5\)
Puppet Cisco IOS=12.3\(5\)b1
Puppet Cisco IOS=12.3\(5a\)
Puppet Cisco IOS=12.3\(5a\)b
Puppet Cisco IOS=12.3\(5a\)b2
Puppet Cisco IOS=12.3\(5a\)b5
Puppet Cisco IOS=12.3\(5b\)
Puppet Cisco IOS=12.3\(5c\)
Puppet Cisco IOS=12.3\(5e\)
Puppet Cisco IOS=12.3\(5f\)
Puppet Cisco IOS=12.3\(6\)
Puppet Cisco IOS=12.3\(6a\)
Puppet Cisco IOS=12.3\(6d\)
Puppet Cisco IOS=12.3\(6e\)
Puppet Cisco IOS=12.3\(6f\)
Puppet Cisco IOS=12.3\(7\)ja
Puppet Cisco IOS=12.3\(7\)ja1
Puppet Cisco IOS=12.3\(7\)jx
Puppet Cisco IOS=12.3\(7\)t
Puppet Cisco IOS=12.3\(7\)t4
Puppet Cisco IOS=12.3\(7\)t8
Puppet Cisco IOS=12.3\(7\)t9
Puppet Cisco IOS=12.3\(7\)t10
Puppet Cisco IOS=12.3\(7\)t12
Puppet Cisco IOS=12.3\(7\)xi3
Puppet Cisco IOS=12.3\(7\)xi4
Puppet Cisco IOS=12.3\(7\)xi7
Puppet Cisco IOS=12.3\(7\)xr3
Puppet Cisco IOS=12.3\(7\)xr4
Puppet Cisco IOS=12.3\(7\)xr6
Puppet Cisco IOS=12.3\(7.7\)
Puppet Cisco IOS=12.3\(8\)t4
Puppet Cisco IOS=12.3\(8\)t7
Puppet Cisco IOS=12.3\(8\)t8
Puppet Cisco IOS=12.3\(8\)t9
Puppet Cisco IOS=12.3\(8\)t11
Puppet Cisco IOS=12.3\(8\)xu2
Puppet Cisco IOS=12.3\(8\)xy4
Puppet Cisco IOS=12.3\(8\)xy5
Puppet Cisco IOS=12.3\(8\)xy6
Puppet Cisco IOS=12.3\(8\)ya1
Puppet Cisco IOS=12.3\(8\)yd
Puppet Cisco IOS=12.3\(8\)yf
Puppet Cisco IOS=12.3\(8\)yg
Puppet Cisco IOS=12.3\(8\)yg1
Puppet Cisco IOS=12.3\(8\)yg2
Puppet Cisco IOS=12.3\(8\)yg3
Puppet Cisco IOS=12.3\(8\)yh
Puppet Cisco IOS=12.3\(8\)yi
Puppet Cisco IOS=12.3\(8\)yi1
Puppet Cisco IOS=12.3\(8\)yi3
Puppet Cisco IOS=12.3\(9\)
Puppet Cisco IOS=12.3\(9a\)bc
Puppet Cisco IOS=12.3\(9a\)bc2
Puppet Cisco IOS=12.3\(9a\)bc6
Puppet Cisco IOS=12.3\(9a\)bc7
Puppet Cisco IOS=12.3\(9d\)
Puppet Cisco IOS=12.3\(9e\)
Puppet Cisco IOS=12.3\(10\)
Puppet Cisco IOS=12.3\(10c\)
Puppet Cisco IOS=12.3\(10d\)
Puppet Cisco IOS=12.3\(10e\)
Puppet Cisco IOS=12.3\(11\)
Puppet Cisco IOS=12.3\(11\)t
Puppet Cisco IOS=12.3\(11\)t4
Puppet Cisco IOS=12.3\(11\)t5
Puppet Cisco IOS=12.3\(11\)t6
Puppet Cisco IOS=12.3\(11\)t8
Puppet Cisco IOS=12.3\(11\)t9
Puppet Cisco IOS=12.3\(11\)xl
Puppet Cisco IOS=12.3\(11\)xl3
Puppet Cisco IOS=12.3\(11\)yf
Puppet Cisco IOS=12.3\(11\)yf2
Puppet Cisco IOS=12.3\(11\)yf3
Puppet Cisco IOS=12.3\(11\)yf4
Puppet Cisco IOS=12.3\(11\)yj
Puppet Cisco IOS=12.3\(11\)yk
Puppet Cisco IOS=12.3\(11\)yk1
Puppet Cisco IOS=12.3\(11\)yk2
Puppet Cisco IOS=12.3\(11\)yl
Puppet Cisco IOS=12.3\(11\)yn
Puppet Cisco IOS=12.3\(11\)yr
Puppet Cisco IOS=12.3\(11\)ys
Puppet Cisco IOS=12.3\(11\)ys1
Puppet Cisco IOS=12.3\(11\)yw
Puppet Cisco IOS=12.3\(12\)
Puppet Cisco IOS=12.3\(12b\)
Puppet Cisco IOS=12.3\(12e\)
Puppet Cisco IOS=12.3\(13\)
Puppet Cisco IOS=12.3\(13a\)
Puppet Cisco IOS=12.3\(13a\)bc
Puppet Cisco IOS=12.3\(13a\)bc1
Puppet Cisco IOS=12.3\(13b\)
Puppet Cisco IOS=12.3\(14\)t
Puppet Cisco IOS=12.3\(14\)t2
Puppet Cisco IOS=12.3\(14\)t4
Puppet Cisco IOS=12.3\(14\)t5
Puppet Cisco IOS=12.3\(14\)ym4
Puppet Cisco IOS=12.3\(14\)yq
Puppet Cisco IOS=12.3\(14\)yq1
Puppet Cisco IOS=12.3\(14\)yq3
Puppet Cisco IOS=12.3\(14\)yq4
Puppet Cisco IOS=12.3\(14\)yt
Puppet Cisco IOS=12.3\(14\)yt1
Puppet Cisco IOS=12.3\(14\)yu
Puppet Cisco IOS=12.3\(14\)yu1
Puppet Cisco IOS=12.3\(15\)
Puppet Cisco IOS=12.3\(15b\)
Puppet Cisco IOS=12.3\(16\)
Puppet Cisco IOS=12.3b
Puppet Cisco IOS=12.3bc
Puppet Cisco IOS=12.3bw
Puppet Cisco IOS=12.3ja
Puppet Cisco IOS=12.3jk
Puppet Cisco IOS=12.3jx
Puppet Cisco IOS=12.3t
Puppet Cisco IOS=12.3tpc
Puppet Cisco IOS=12.3xa
Puppet Cisco IOS=12.3xb
Puppet Cisco IOS=12.3xc
Puppet Cisco IOS=12.3xd
Puppet Cisco IOS=12.3xe
Puppet Cisco IOS=12.3xf
Puppet Cisco IOS=12.3xg
Puppet Cisco IOS=12.3xh
Puppet Cisco IOS=12.3xi
Puppet Cisco IOS=12.3xj
Puppet Cisco IOS=12.3xk
Puppet Cisco IOS=12.3xl
Puppet Cisco IOS=12.3xm
Puppet Cisco IOS=12.3xn
Puppet Cisco IOS=12.3xq
Puppet Cisco IOS=12.3xr
Puppet Cisco IOS=12.3xs
Puppet Cisco IOS=12.3xt
Puppet Cisco IOS=12.3xu
Puppet Cisco IOS=12.3xv
Puppet Cisco IOS=12.3xw
Puppet Cisco IOS=12.3xx
Puppet Cisco IOS=12.3xy
Puppet Cisco IOS=12.3xz
Puppet Cisco IOS=12.3ya
Puppet Cisco IOS=12.3yb
Puppet Cisco IOS=12.3yc
Puppet Cisco IOS=12.3yd
Puppet Cisco IOS=12.3ye
Puppet Cisco IOS=12.3yf
Puppet Cisco IOS=12.3yg
Puppet Cisco IOS=12.3yh
Puppet Cisco IOS=12.3yi
Puppet Cisco IOS=12.3yj
Puppet Cisco IOS=12.3yk
Puppet Cisco IOS=12.3yl
Puppet Cisco IOS=12.3ym
Puppet Cisco IOS=12.3yn
Puppet Cisco IOS=12.3yq
Puppet Cisco IOS=12.3yr
Puppet Cisco IOS=12.3ys
Puppet Cisco IOS=12.3yt
Puppet Cisco IOS=12.3yu
Puppet Cisco IOS=12.3yw
Puppet Cisco IOS=12.3yx
Puppet Cisco IOS=12.4
Puppet Cisco IOS=12.4\(1\)
Puppet Cisco IOS=12.4\(1b\)
Puppet Cisco IOS=12.4\(1c\)
Puppet Cisco IOS=12.4\(2\)mr
Puppet Cisco IOS=12.4\(2\)mr1
Puppet Cisco IOS=12.4\(2\)t
Puppet Cisco IOS=12.4\(2\)t1
Puppet Cisco IOS=12.4\(2\)t2
Puppet Cisco IOS=12.4\(2\)xa
Puppet Cisco IOS=12.4\(2\)xb
Puppet Cisco IOS=12.4\(3a\)
Puppet Cisco IOS=12.4\(3b\)
Puppet Cisco IOS=12.4\(4\)t
Puppet Cisco IOS=12.4\(5\)
Puppet Cisco IOS=12.4mr
Puppet Cisco IOS=12.4t
Puppet Cisco IOS=12.4xa
Puppet Cisco IOS=12.4xb

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2005-3921?

    CVE-2005-3921 has a moderate severity level due to the potential for cross-site scripting attacks.

  • How do I fix CVE-2005-3921?

    To fix CVE-2005-3921, upgrade to a version of Cisco IOS that is not affected by this vulnerability.

  • What versions of Cisco IOS are vulnerable to CVE-2005-3921?

    CVE-2005-3921 affects various versions of Cisco IOS, particularly those prior to 12.4(3b).

  • What type of attack does CVE-2005-3921 allow?

    CVE-2005-3921 allows remote attackers to perform cross-site scripting (XSS) attacks.

  • Who can be affected by CVE-2005-3921?

    Administrators who access the affected Cisco IOS Web Server are the primary targets of CVE-2005-3921.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203