low
2.6
CWE
NVD-CWE-Other 79
Advisory Published
Updated

CVE-2005-3921: XSS

First published: Wed Nov 30 2005(Updated: )

Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Cisco IOS=12.4\(2\)t2
Cisco IOS=12.3ym
Cisco IOS=12.3\(14\)ym4
Cisco IOS=12.3yq
Cisco IOS=12.3\(10\)
Cisco IOS=12.3xr
Cisco IOS=12.4t
Cisco IOS=12.3\(2\)xe4
Cisco IOS=12.3\(14\)t5
Cisco IOS=12.3bc
Cisco IOS=12.3\(11\)t9
Cisco IOS=12.3\(5c\)
Cisco IOS=12.3\(4\)xd1
Cisco IOS=12.3yw
Cisco IOS=12.3ya
Cisco IOS=12.3\(14\)yq
Cisco IOS=12.3\(11\)yw
Cisco IOS=12.3yl
Cisco IOS=12.3\(11\)yf3
Cisco IOS=12.3\(11\)yf2
Cisco IOS=12.3\(11\)t8
Cisco IOS=12.3\(8\)xy5
Cisco IOS=12.4\(5\)
Cisco IOS=12.3xs
Cisco IOS=12.3\(5a\)
Cisco IOS=12.3xg
Cisco IOS=12.3\(13a\)
Cisco IOS=12.3yr
Cisco IOS=12.3\(11\)t4
Cisco IOS=12.4\(2\)mr
Cisco IOS=12.3\(14\)yu1
Cisco IOS=12.4\(3b\)
Cisco IOS=12.3\(3h\)
Cisco IOS=12.3\(8\)yg
Cisco IOS=12.3\(14\)t2
Cisco IOS=12.3bw
Cisco IOS=12.3\(7\)t9
Cisco IOS=12.3xd
Cisco IOS=12.3xm
Cisco IOS=12.3\(11\)yn
Cisco IOS=12.3\(9a\)bc2
Cisco IOS=12.3xw
Cisco IOS=12.3\(7\)t8
Cisco IOS=12.4mr
Cisco IOS=12.3\(11\)xl
Cisco IOS=12.3\(14\)yq1
Cisco IOS=12.3\(8\)yf
Cisco IOS=12.3\(10d\)
Cisco IOS=12.4\(4\)t
Cisco IOS=12.3xi
Cisco IOS=12.3\(4\)t2
Cisco IOS=12.3\(11\)t
Cisco IOS=12.3\(5a\)b
Cisco IOS=12.3\(8\)yg1
Cisco IOS=12.3\(7\)ja
Cisco IOS=12.3\(2\)jk1
Cisco IOS=12.3yj
Cisco IOS=12.3\(5a\)b2
Cisco IOS=12.3\(4\)xk3
Cisco IOS=12.3\(3i\)
Cisco IOS=12.3\(7\)xi7
Cisco IOS=12.3\(2\)ja5
Cisco IOS=12.3\(8\)t11
Cisco IOS=12.3\(4\)xk1
Cisco IOS=12.3xt
Cisco IOS=12.3yu
Cisco IOS=12.4\(2\)t1
Cisco IOS=12.3\(5a\)b5
Cisco IOS=12.3xj
Cisco IOS=12.3\(4\)xd2
Cisco IOS=12.3t
Cisco IOS=12.3\(5\)
Cisco IOS=12.3\(14\)t4
Cisco IOS=12.3\(8\)t9
Cisco IOS=12.3\(4\)t3
Cisco IOS=12.3\(7.7\)
Cisco IOS=12.3\(8\)t7
Cisco IOS=12.3\(4\)ja
Cisco IOS=12.3\(3e\)
Cisco IOS=12.3\(2\)t3
Cisco IOS=12.3\(11\)yk
Cisco IOS=12.3\(13a\)bc1
Cisco IOS=12.4\(1\)
Cisco IOS=12.3\(15\)
Cisco IOS=12.3\(14\)t
Cisco IOS=12.3\(2\)t8
Cisco IOS=12.4\(2\)mr1
Cisco IOS=12.3\(9d\)
Cisco IOS=12.3\(10e\)
Cisco IOS=12.3\(8\)xy6
Cisco IOS=12.3xz
Cisco IOS=12.3\(2\)xc4
Cisco IOS=12.3\(12b\)
Cisco IOS=12.3\(4\)xk
Cisco IOS=12.3\(2\)xc3
Cisco IOS=12.3yd
Cisco IOS=12.3\(11\)ys
Cisco IOS=12.3\(6e\)
Cisco IOS=12.3\(2\)ja
Cisco IOS=12.4\(2\)xb
Cisco IOS=12.3\(4\)xh
Cisco IOS=12.3\(13b\)
Cisco IOS=12.3\(9e\)
Cisco IOS=12.3\(10c\)
Cisco IOS=12.3\(8\)t4
Cisco IOS=12.3\(8\)xy4
Cisco IOS=12.3\(11\)
Cisco IOS=12.4\(1c\)
Cisco IOS=12.3xf
Cisco IOS=12.3xl
Cisco IOS=12.4\(1b\)
Cisco IOS=12.4\(3a\)
Cisco IOS=12.3yk
Cisco IOS=12.3\(4\)t
Cisco IOS=12.3\(5f\)
Cisco IOS=12.3yb
Cisco IOS=12.3yf
Cisco IOS=12.3\(11\)xl3
Cisco IOS=12.3\(4\)xq
Cisco IOS=12.3\(11\)ys1
Cisco IOS=12.3\(8\)yd
Cisco IOS=12.3\(9a\)bc
Cisco IOS=12.3\(4\)xk4
Cisco IOS=12.3\(14\)yq3
Cisco IOS=12.3\(4\)xg5
Cisco IOS=12.4\(2\)t
Cisco IOS=12.3\(7\)xr4
Cisco IOS=12.3\(7\)t
Cisco IOS=12.3\(4\)eo1
Cisco IOS=12.3\(11\)yf4
Cisco IOS=12.3\(5e\)
Cisco IOS=12.3\(4\)t4
Cisco IOS=12.3\(8\)yg2
Cisco IOS=12.3yt
Cisco IOS=12.3\(14\)yt
Cisco IOS=12.3xb
Cisco IOS=12.3\(14\)yq4
Cisco IOS=12.3\(6\)
Cisco IOS=12.3\(8\)yi1
Cisco IOS=12.3\(2\)xe3
Cisco IOS=12.3\(7\)xi3
Cisco IOS<=12.3
Cisco IOS=12.3yg
Cisco IOS=12.3xu
Cisco IOS=12.3xy
Cisco IOS=12.3\(7\)t12
Cisco IOS=12.3\(8\)ya1
Cisco IOS=12.3\(4\)xe4
Cisco IOS=12.3xc
Cisco IOS=12.3\(11\)t6
Cisco IOS=12.4
Cisco IOS=12.3\(4\)xd
Cisco IOS=12.3\(9a\)bc6
Cisco IOS=12.3\(4\)ja1
Cisco IOS=12.3\(7\)xi4
Cisco IOS=12.3\(4\)t1
Cisco IOS=12.3xv
Cisco IOS=12.3xe
Cisco IOS=12.3\(11\)yk2
Cisco IOS=12.3\(7\)xr3
Cisco IOS=12.3\(9\)
Cisco IOS=12.3\(7\)jx
Cisco IOS=12.3tpc
Cisco IOS=12.3ja
Cisco IOS=12.3\(14\)yu
Cisco IOS=12.3\(12e\)
Cisco IOS=12.4xa
Cisco IOS=12.3\(11\)yl
Cisco IOS=12.3\(11\)t5
Cisco IOS=12.3\(5b\)
Cisco IOS=12.3\(4\)xg1
Cisco IOS=12.3\(13\)
Cisco IOS=12.3\(11\)yf
Cisco IOS=12.3\(8\)yi
Cisco IOS=12.3\(2\)xa4
Cisco IOS=12.3yx
Cisco IOS=12.3\(16\)
Cisco IOS=12.3xq
Cisco IOS=12.3\(2\)xc2
Cisco IOS=12.3xh
Cisco IOS=12.3\(11\)yk1
Cisco IOS=12.3\(14\)yt1
Cisco IOS=12.4\(2\)xa
Cisco IOS=12.3\(8\)yi3
Cisco IOS=12.3\(7\)t4
Cisco IOS=12.3\(6d\)
Cisco IOS=12.3\(2\)xc1
Cisco IOS=12.3\(4\)xg2
Cisco IOS=12.3ys
Cisco IOS=12.3jk
Cisco IOS=12.3b
Cisco IOS=12.3\(6f\)
Cisco IOS=12.3\(8\)yh
Cisco IOS=12.3yh
Cisco IOS=12.3\(11\)yr
Cisco IOS=12.3\(4\)xg4
Cisco IOS=12.3\(8\)t8
Cisco IOS=12.3\(2\)xa5
Cisco IOS=12.4xb
Cisco IOS=12.3\(7\)xr6
Cisco IOS=12.3\(8\)xu2
Cisco IOS=12.3\(9a\)bc7
Cisco IOS=12.3xx
Cisco IOS=12.3\(12\)
Cisco IOS=12.3\(13a\)bc
Cisco IOS=12.3\(7\)ja1
Cisco IOS=12.3\(11\)yj
Cisco IOS=12.3xa
Cisco IOS=12.3yi
Cisco IOS=12.3yc
Cisco IOS=12.3\(2\)jk
Cisco IOS=12.3\(1a\)
Cisco IOS=12.3\(4\)tpc11a
Cisco IOS=12.3\(7\)t10
Cisco IOS=12.3ye
Cisco IOS=12.3\(4\)t8
Cisco IOS=12.3\(6a\)
Cisco IOS=12.3\(5\)b1
Cisco IOS=12.3xk
Cisco IOS=12.3\(4\)xq1
Cisco IOS=12.3yn
Cisco IOS=12.3xn
Cisco IOS=12.3\(15b\)
Cisco IOS=12.3jx
Cisco IOS=12.3\(8\)yg3

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2005-3921?

    CVE-2005-3921 has a moderate severity level due to the potential for cross-site scripting attacks.

  • How do I fix CVE-2005-3921?

    To fix CVE-2005-3921, upgrade to a version of Cisco IOS that is not affected by this vulnerability.

  • What versions of Cisco IOS are vulnerable to CVE-2005-3921?

    CVE-2005-3921 affects various versions of Cisco IOS, particularly those prior to 12.4(3b).

  • What type of attack does CVE-2005-3921 allow?

    CVE-2005-3921 allows remote attackers to perform cross-site scripting (XSS) attacks.

  • Who can be affected by CVE-2005-3921?

    Administrators who access the affected Cisco IOS Web Server are the primary targets of CVE-2005-3921.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203