Cross-site Scripting Vulnerability in Cisco Secure Access Control System
CVE-2014-0663

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Access Control System
Vendor: CVE Published:; 10 January 2014

Summary

The Cisco Secure Access Control System is affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web scripts or HTML through an unspecified parameter. This flaw could potentially lead to unauthorized actions on behalf of users, exposing sensitive information and compromising the security of web sessions. Organizations utilizing this product should assess their security posture and apply necessary mitigations.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1029595

vdb-entryx_refsource_SECTRACK

http://osvdb.org/101914

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Jan 10, 2014
Vulnerability Reserved
Jan 2, 2014