What is CVE-2016-6436?

CVE-2016-6436 is a medium-severity vulnerability in Cisco Hostscan_engine, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2016-10-06.

How severe is CVE-2016-6436?

Medium severity. CVSS v3 base score is 6.1 out of 10.

XSS in Cisco Hostscan_engine

CVE-2016-6436

Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CS…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (48.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Cisco Hostscan_engine — versions 3.0.08062, 3.0.08066, 3.1.01065
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

93407 (vdb-entry, x_refsource_BID)
20161005 Cisco Host Scan Package Cross-Site Scripting Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2016-6436?: CVE-2016-6436 is a medium-severity vulnerability in Cisco Hostscan_engine, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2016-10-06.
How severe is CVE-2016-6436?: Medium severity. CVSS v3 base score is 6.1 out of 10.