Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote malicious users to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco adaptive_security_appliance 8.2.1 |
||
cisco adaptive_security_appliance 8.1.2 |
||
cisco adaptive_security_appliance 8.0\\(4\\) |
||
cisco adaptive_security_appliance |