Description
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Dave Palumbo · textremotewindows
https://www.exploit-db.com/exploits/21555
References (4)
Core 4
Core References
Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9353.php
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5026
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/278222
Scores
EPSS
0.0311
EPSS Percentile
87.0%
Details
Status
published
Products (2)
cisco/secure_access_control_server
3.0
cisco/secure_access_control_server
3.0.1
Published
Oct 04, 2002
Tracked Since
Feb 18, 2026