Cisco Bug: CSCuw24705 - Cisco ACS Reflective XSS Vulnerability
Aug 19, 2016
- Cisco Secure Access Control Server Solution Engine
Known Affected Releases
Symptom: A vulnerability in the Cisco Secure Access Control Server (ACS) web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a reflective cross-site scripting (XSS) attack. The vulnerability is due to a lack of input validation on user-supplied input. An attacker could exploit this vulnerability by sending a crafted URL to the affected system. An exploit could allow the attacker to effect the integrity of the system because of database manipulation. Conditions: Device running with default configuration running an affected version of software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases