CVE-2008-0533

Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.

Severity	MEDIUM
CVSS	4.3
CWE	CWE-79
KEV
Published	18 years ago
Modified	3 weeks ago

Related Products

Product	Advisory	Evidence
Cisco User-Changeable Password Utility (UCP)	cisco-sa-20080312-ucp	Cisco OpenVuln
Cisco Secure Access Control Server (ACS) for Windows	cisco-sa-20080312-ucp	Cisco OpenVuln