Cross-Site Scripting in Cisco AnyConnect Secure Mobility Client and Cisco HostScan Engine
CVE-2014-8021

Currently unrated

Key Information:

Vendor: Cisco
Status: Hostscan Engine
Vendor: CVE Published:; 3 February 2015

Summary

A cross-site scripting vulnerability exists in Cisco AnyConnect Secure Mobility Client versions 3.1 and earlier, as well as in Cisco HostScan Engine versions 3.1 and earlier. This vulnerability enables remote attackers to inject malicious web scripts or HTML through specific applet-path URL vectors. Exploitation could allow an attacker to execute arbitrary scripts in a user's session, potentially compromising sensitive information or executing unauthorized actions. Users and administrators are advised to review Cisco security alerts and apply recommended updates to mitigate these risks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/100666

vdb-entryx_refsource_XF

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Feb 3, 2015
Vulnerability Reserved
Oct 8, 2014