OSVDB ID: 81766

Title: Cisco Secure Access Control Server (ACS) Multiple Unspecified XSS

Dates

Disclosure: May 02, 2012
Discovery: Unknown
Exploit: Unknown
Solution: May 02, 2012

Description

Cisco Secure Access Control Server contains multiple flaws that allow a remote cross-site scripting (XSS) attack. These flaws exist because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Cisco has released patch 9 for version 5.2.0.26 to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Cisco Systems, Inc.

Secure Access Control Server

5.2.0.26 Patch 8

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/81766