Published: 14/03/2008 Updated: 15/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) prior to 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote malicious users to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco acs solution engine
cisco user changeable password 4.1
cisco acs for windows

source: wwwsecurityfocuscom/bid/28222/info Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks Exploit ...

The Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application suffers from buffer overflow and cross site scripting vulnerabilities Details provided ...

CWE-79 http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml http://www.securityfocus.com/bid/28222 http://securitytracker.com/id?1019607 http://secunia.com/advisories/29351 http://securityreason.com/securityalert/3743 http://www.vupen.com/english/advisories/2008/0868 https://exchange.xforce.ibmcloud.com/vulnerabilities/41156 http://www.securityfocus.com/archive/1/489463/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/31395/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-0533

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect