XSS in Cisco Secure_access_control_system

CVE-2014-8028

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (56.2th percentile) — read the EPSS interpretation.

Affected products

Cisco Secure_access_control_system
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

71946 (vdb-entry, x_refsource_BID)
cisco-secureacs-cve20148028-xss(100553) (vdb-entry, x_refsource_XF)
20150108 Cisco Secure Access Control Server Multiple Cross-Site Scripting Vulnerabilities (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1031515 (vdb-entry, x_refsource_SECTRACK)
62159 (x_refsource_SECUNIA, third-party-advisory)