Cisco Bug: CSCta85491 - Cisco API: addmac is susceptible to XSS for CAS specific

Last Modified

Oct 01, 2010

Products (1)

  • Cisco NAC Appliance (Clean Access)

Known Affected Releases

4.7(0)

Description (partial)

Symptom:
The Cisco API call addmac is susceptible to XSS for the CAS-specific device
filter, but not for the global device filter.

Conditions:
Steps to reproduce:
(1) Call addmac for the global device filter with desc containing
<script>alert('CAS specific XSS'); </script>
Result: OK, no pop-up alert box is shown.
(2) Call addmac for a CAS-specific device filter with desc containing
<script>alert('CAS specific XSS'); </script>
(3) In the CAM GUI, click manage CAS, then click Filter > Devices. A
pop-up alert box with the "CAS specific XSS" message is shown.
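
The steps above describe a stored value that one view encodes on output and another does not. The following is an added example, not Cisco code: a toy model of the two filter views plus a regression check that flags any view emitting the stored desc unencoded. All function names, the "cas-1" scope and the MAC addresses are hypothetical, and the assumption that the global view encodes desc is inferred only from step (1) showing no alert.

```javascript
// Added illustration: a toy model, not Cisco NAC code. All names are hypothetical.

// Encode HTML-significant characters for element-content output.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Build one table row; `encodeDesc` selects whether desc is encoded on output.
function row(e, encodeDesc) {
  const desc = encodeDesc ? escapeHtml(e.desc) : e.desc;
  return `<tr><td>${escapeHtml(e.mac)}</td><td>${desc}</td></tr>`;
}

// Global filter view: assumed to encode desc (consistent with step 1, no alert).
const renderGlobal = (entries) =>
  entries.filter((e) => e.scope === "global").map((e) => row(e, true)).join("\n");

// CAS-specific view modelling the reported behaviour: desc written as stored.
const renderCasVulnerable = (entries, cas) =>
  entries.filter((e) => e.scope === cas).map((e) => row(e, false)).join("\n");

// CAS-specific view with the same output encoding as the global view.
const renderCasFixed = (entries, cas) =>
  entries.filter((e) => e.scope === cas).map((e) => row(e, true)).join("\n");

// True if a description containing markup reaches the page unencoded.
function emitsRawMarkup(html, desc) {
  return /[<>]/.test(desc) && html.includes(desc);
}

// Constructed sample data: the desc value is the one from the reproduction steps.
const DESC = "<script>alert('CAS specific XSS'); </script>";
const ENTRIES = [
  { scope: "global", mac: "00:11:22:33:44:55", desc: DESC },
  { scope: "cas-1", mac: "00:11:22:33:44:66", desc: DESC },
];

// Regression check: render every view and report which ones leak raw markup.
function auditViews() {
  return {
    global: emitsRawMarkup(renderGlobal(ENTRIES), DESC),
    casVulnerable: emitsRawMarkup(renderCasVulnerable(ENTRIES, "cas-1"), DESC),
    casFixed: emitsRawMarkup(renderCasFixed(ENTRIES, "cas-1"), DESC),
  };
}

console.log(auditViews());
```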