XSS in Cisco Secure_access_control_system

CVE-2014-0663

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.006 (68.7th percentile) — read the EPSS interpretation.

Affected products

Cisco Secure_access_control_system
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
1029595 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
101914 (x_refsource_OSVDB, vdb-entry)
64773 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
cisco-acs-cve20140663-xss(90232) (vdb-entry, x_refsource_XF)
56382 (x_refsource_SECUNIA, third-party-advisory)
20140110 Cisco Secure Access Control System Cross-Site Scripting Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)