| Vulnerability Name: | CVE-2014-8028 (CCN-100553) | ||||||||
| Assigned: | 2014-10-08 | ||||||||
| Published: | 2015-01-08 | ||||||||
| Updated: | 2017-09-08 | ||||||||
| Summary: | Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-8028 Source: SECUNIA Type: UNKNOWN 62159 Source: CCN Type: Cisco Security Notice Cisco Secure Access Control Server Multiple Cross-Site Scripting Vulnerabilities Source: CISCO Type: Vendor Advisory 20150108 Cisco Secure Access Control Server Multiple Cross-Site Scripting Vulnerabilities Source: BID Type: UNKNOWN 71946 Source: CCN Type: BID-71946 Cisco Secure Access Control Server CVE-2014-8028 Multiple Cross Site Scripting Vulnerabilities Source: SECTRACK Type: UNKNOWN 1031515 Source: XF Type: UNKNOWN cisco-secureacs-cve20148028-xss(100553) Source: XF Type: UNKNOWN cisco-secureacs-cve20148028-xss(100553) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||