Cross-site Scripting Flaw in Cisco Access Control Server
CVE-2015-0728

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Access Control System
Vendor: CVE Published:; 15 May 2015

Summary

A cross-site scripting vulnerability in the Cisco Access Control Server (ACS) 5.5(0.1) enables remote attackers to inject arbitrary web script or HTML through a specially crafted URL. This flaw, identified as Bug ID CSCuu11002, poses significant security risks, as it can lead to unauthorized script execution in the context of a user's session.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1032328

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 15, 2015
Vulnerability Reserved
Jan 7, 2015