Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions prior to 3.5; as used in Cisco ASA appliance prior to 8.2(1), 8.1(2.7), and 8.0(5); allows remote malicious users to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco secure desktop |
||
cisco adaptive_security_appliance_software |