Cross-Site Scripting Vulnerability in Cisco Secure Access Control System
CVE-2013-6974

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Access Control System
Vendor: CVE Published:; 10 January 2014

What is CVE-2013-6974?

A cross-site scripting (XSS) vulnerability exists in the web interface of the Cisco Secure Access Control System (ACS), enabling remote attackers to inject arbitrary web scripts or HTML through an unspecified parameter. This flaw can potentially compromise user data, execute unauthorized actions in a user's context, and lead to exploitation of the application by delivering malicious payloads.

References

http://www.securitytracker.com/id/1029594

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://secunia.com/advisories/56353

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2014
Vulnerability Reserved
Dec 5, 2013