Cross-Site Scripting Vulnerability in Cisco Host Scan Package
CVE-2016-6436

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Hostscan Engine
Vendor: CVE Published:; 6 October 2016

Summary

A cross-site scripting vulnerability exists in the Cisco Host Scan package, allowing remote attackers to inject arbitrary web scripts or HTML via a specially crafted URL. This issue affects HostScan Engine versions 3.0.08062 to 3.1.14018, as utilized in ASA Web VPN. Successful exploitation can enable attackers to manipulate user experience and possibly steal sensitive information from users' browsers.

References

http://www.securityfocus.com/bid/93407

vdb-entryx_refsource_BID

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 6, 2016
Vulnerability Reserved
Jul 26, 2016