Cross-Site Scripting Vulnerability in Cisco Secure Access Control Server
CVE-2015-6349

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Access Control Server
Vendor: CVE Published:; 30 October 2015

Summary

A Cross-site Scripting (XSS) vulnerability exists in the web interface of Cisco Secure Access Control Server (ACS) version 5.7(0.15). This issue allows remote attackers to execute arbitrary web scripts or HTML through specially crafted URLs. Successful exploitation may allow attackers to manipulate user sessions or redirect users to malicious sites, potentially leading to further compromises within the targeted environment. It is crucial for users of this product to ensure they are following best practices for web security to mitigate such vulnerabilities.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1033968

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Oct 30, 2015
Vulnerability Reserved
Aug 17, 2015