CVE Vulnerability

CVE-2008-0533

Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt
http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml Patch
http://www.securityfocus.com/bid/28222 Exploit
http://securitytracker.com/id?1019607
http://secunia.com/advisories/29351 Patch Vendor Advisory
http://securityreason.com/securityalert/3743
http://www.vupen.com/english/advisories/2008/0868
https://exchange.xforce.ibmcloud.com/vulnerabilities/41156
http://www.securityfocus.com/archive/1/489463/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:cisco:acs_solution_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:user_changeable_password:4.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:acs_for_windows:*:*:*:*:*:*:*:*
Information

Published : 2008-03-14 08:44

Updated : 2018-10-15 10:01

NVD link : CVE-2008-0533

Mitre link : CVE-2008-0533

Products Affected
No products.
CWE
CWE-79