CVE-2008-0533

Description

Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/41156

http://www.vupen.com/english/advisories/2008/0868

http://www.securityfocus.com/archive/1/489463/100/0/threaded

http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt

http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml

http://securitytracker.com/id?1019607

http://securityreason.com/securityalert/3743

http://secunia.com/advisories/29351

Details

Source: Mitre, NVD

Published: 2008-03-14

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium