cisco-sa-20161005-chs

Cisco Host Scan Package Cross-Site Scripting Vulnerability

Medium · Updated 2016-10-05 (9 years ago) · Cisco

1 product with CSAF evidence

A vulnerability in the Cisco Host Scan package could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of a Cisco Adaptive Security Appliance (ASA) Web VPN deployment. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by persuading a user to click a specific link. For additional information about cross-site scripting attacks and the methods used to exploit these vulnerabilities, see the following resources: Cisco Applied Mitigation Bulletin: Understanding Cross-Site Scripting (XSS) Threat Vectors OWASP reference page: Cross-Site Scripting_(XSS) Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.