Cisco Bug: CSCtf07112 - Multiple XSS in ACS 5.1 Web UI
Feb 22, 2018
- Cisco Secure Access Control Server Solution Engine
Known Affected Releases
<B>Symptom:</B> Testing of ACS 5.1 Web user Interface uncovered the following issues: 1. ACS view has vulnerabilities of SQL DB injection 2. Cross-site scripting in ACS <B>Conditions:</B> Note: that in-order to reproduce these issues, user must be logged in to the ACS server.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases