Cisco Collaboration Server 5 - XSS & Source Code Disclosure

EDB-ID: 11403 CVE: 2010-0641... OSVDB-ID: 62459...
Verified: Author: s4squatch Published: 2010-02-11
Download Exploit: Source Raw Download Vulnerable App: N/A
Cisco Collaboration Server 5 XSS, Source Code Disclosure

Discovered by:  s4squatch of SecureState R&D Team (

Discovered: 08/26/2008


Note: End of Engineering  -->

Replaced with: and






Java Servlet Source Code Disclosure


The source code of .jhtml files is revealed to the end user by requesting any of the following:


Normal File:                        file.html


Modified 1:                                         file%2Ejhtml

Modified 2:                                         file.jhtm%6C

Modified 3:                                         file.jhtml%00

Modified 4:                                         file.jhtml%c0%80


Cisco Collaboration Server 5 Paths It Works On (list may not be complete)



Related Public Info