Cross-Site Scripting Vulnerability in Cisco Secure ACS for UNIX
CVE-2006-3101

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Access Control Server
Vendor: CVE Published:; 21 June 2006

What is CVE-2006-3101?

A cross-site scripting vulnerability exists in LogonProxy.cgi of Cisco Secure ACS for UNIX 2.3. This flaw allows remote attackers to inject malicious web scripts or HTML content into the application through the error, SSL, and Ok parameters. Successful exploitation could lead to unauthorized actions being performed by users, potentially exposing sensitive information or allowing attackers to gain further access within the system.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27166

vdb-entryx_refsource_XF

http://secunia.com/advisories/20699

third-party-advisoryx_refsource_SECUNIA

http://securitytracker.com/id?1016317

vdb-entryx_refsource_SECTRACK

EPSS Score

25% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 21, 2006
Vulnerability Reserved
Jun 20, 2006