CVE-2008-0533

Currently unrated

Key Information:

Vendor
Cisco
Status
Acs Solution Engine
User Changeable Password
Acs For Windows
Vendor
CVE Published:
14 March 2008

Summary

Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.

References

http://www.recurity-labs.com/content/pub/RecurityLabs_Cis...
x_refsource_MISC
http://www.cisco.com/en/US/products/products_security_adv...
vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/archive/1/489463/100/0/threaded
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.