XSS in Cisco Anyconnect_secure_mobility_client
CVE-2014-8021
Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involv…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (51.5th percentile) — read the EPSS interpretation.
Affected products
- Cisco Anyconnect_secure_mobility_client
- Cisco Hostscan_engine
- N/a — versions n/a
Weakness classification (CWE)
References
- cisco-anyconnect-cve20148021-xss(100666) (vdb-entry, x_refsource_XF)
- psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
- 20150202 Cisco AnyConnect and Cisco Host Scan Web Launch Cross-Site Scripting Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 72475 (vdb-entry, x_refsource_BID)