Wednesday, October 5, 2016

Cisco Host Scan Package Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Host Scan package could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of a Cisco Adaptive Security Appliance (ASA) Web VPN deployment.

The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by persuading a user to click a specific link.

For additional information about cross-site scripting attacks and the methods used to exploit these vulnerabilities, see the following resources:

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2dtQt1G
Security Impact Rating: Medium
CVE: CVE-2016-6436

from Cisco Security Advisory http://ift.tt/2dtQt1G
