source: https://www.securityfocus.com/bid/5026/info

Cisco Secure ACS is an access control and accounting server system distributed and maintained by Cisco. This vulnerability affects implementations on the Microsoft Windows NT platform.

It has been discovered that the web server component of the Cisco Secure ACS package allows an attacker to execute cross-site scripting attacks. When a crafted link such as the one below is visited, the attacker-supplied HTML or script code could be executed in the browser of a user, provided the user has authenticated to the Secure ACS server.

http://example.com:dyn_port/setup.exe?action=<script>alert('foo+bar')</script>&page=list_users&user=P*
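For detection, the following added example (not part of the original advisory and not Cisco code) scans web access logs for requests to setup.exe whose query parameters carry HTML markup, including percent-encoded and double-encoded forms. It assumes the requests are available in Common Log Format, for instance from a proxy in front of the ACS web interface; the log lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# An opening or closing HTML tag has no business in a setup.exe parameter value.
MARKUP = re.compile(r"<\s*[a-z/!]", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log (assumed Common Log Format), not taken from a real server.
SAMPLE_LOG = """\
192.0.2.10 - admin [12/Jun/2002:10:01:20 +0000] "GET /setup.exe?action=list&page=list_users&user=P* HTTP/1.0" 200 4096
192.0.2.10 - admin [12/Jun/2002:10:01:22 +0000] "GET /setup.exe?action=<script>alert('foo+bar')</script>&page=list_users&user=P* HTTP/1.0" 200 4121
192.0.2.10 - admin [12/Jun/2002:10:01:25 +0000] "GET /setup.exe?action=%253Cscript%253Ealert('foo')%253C%252Fscript%253E&page=list_users HTTP/1.0" 200 4121
192.0.2.11 - - [12/Jun/2002:10:02:00 +0000] "GET /help.htm?topic=<b>users</b> HTTP/1.0" 200 512
"""

def decode_fully(value, rounds=3):
    """Undo repeated URL-encoding (e.g. %253C) so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line, path_suffix="/setup.exe"):
    """Return [(param, decoded_value)] for markup-bearing parameters sent to setup.exe."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith(path_suffix):
        return []
    # parse_qsl performs the first round of URL-decoding; decode_fully handles the rest.
    decoded = [(k, decode_fully(v)) for k, v in parse_qsl(url.query, keep_blank_values=True)]
    return [(k, v) for k, v in decoded if MARKUP.search(v)]

def scan(log_text):
    """Return [(line_number, hits)] for every log line with at least one hit."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), 1):
        hits = suspicious_params(line)
        if hits:
            findings.append((number, hits))
    return findings

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

A hit in the log only shows that a crafted link was requested; the fix on the server side remains HTML-encoding the reflected parameter before it is written into the page.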