Cross-Site Scripting Vulnerabilities in Cisco Secure Access Control Server
CVE-2008-0533

Currently unrated

Key Information:

Vendor: Cisco
Status: Acs Solution Engine; User Changeable Password; Acs For Windows
Vendor: CVE Published:; 14 March 2008

Summary

Multiple cross-site scripting vulnerabilities exist in the User-Changeable Password (UCP) feature of Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML code into the application via manipulated arguments, particularly through input following the Help argument. Exploiting these vulnerabilities could lead to unauthorized actions on behalf of users, compromising the integrity and security of affected systems.

References

http://www.recurity-labs.com/content/pub/RecurityLabs_Cis...

x_refsource_MISC

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/archive/1/489463/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Mar 14, 2008
Vulnerability Reserved
Jan 31, 2008