XSS in Cisco Secure_access_control_system

CVE-2014-0668

Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.006 (68.7th percentile) — read the EPSS interpretation.

Affected products

Cisco Secure_access_control_system
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cisco-acs-cve20140668-xss(90561) (vdb-entry, x_refsource_XF)
20140117 Cisco Secure ACS Portal Cross-Site Scripting Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
56543 (x_refsource_SECUNIA, third-party-advisory)
102256 (x_refsource_OSVDB, vdb-entry)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
65016 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
1029654 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)