Cross-Site Scripting Vulnerabilities in Cisco Secure Access Control Server
CVE-2011-3317

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Access Control Server
Vendor: CVE Published:; 2 May 2012

Summary

Multiple cross-site scripting vulnerabilities exist in the Solution Engine of Cisco Secure Access Control Server 5.2. These flaws allow remote attackers to inject arbitrary web scripts or HTML through unspecified vectors, enabling potential exploitation of user interactions. Attackers can leverage this to manipulate user sessions, steal sensitive information, or perform actions on behalf of the users without their consent. Awareness of these vulnerabilities is crucial for maintaining robust security measures.

References

http://secunia.com/advisories/49101

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/53436

vdb-entryx_refsource_BID

http://www.cisco.com/web/software/282766937/37718/Acs-5-2...

x_refsource_CONFIRM

Timeline

Vulnerability published
May 2, 2012
Vulnerability Reserved
Aug 29, 2011