| Vulnerability Name: | CVE-2014-8012 (CCN-99479) | ||||||||
| Assigned: | 2014-12-17 | ||||||||
| Published: | 2014-12-17 | ||||||||
| Updated: | 2017-01-03 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-8012 Source: CCN Type: Cisco Security Notice Cisco Adaptive Security Appliance DOM Cross-Site Scripting Vulnerability in WebVPN Portal Source: CISCO Type: Vendor Advisory 20141217 Cisco Adaptive Security Appliance DOM Cross-Site Scripting Vulnerability in WebVPN Portal Source: CCN Type: BID-71723 Cisco Adaptive Security Appliance CVE-2014-8012 Cross Site Scripting Vulnerability Source: SECTRACK Type: UNKNOWN 1031395 Source: XF Type: UNKNOWN cisco-asa-cve20148012-xss(99479) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||