Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) prior to 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote malicious users to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco acs solution engine |
||
cisco user changeable password 4.1 |
||
cisco acs for windows |