CVE-2002-0938
Cisco Secure Access Control Server 3.0 - Cross-Site Scripting via Setup.exe Action Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-0938. PoCs published by Dave Palumbo.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Cisco Secure ACS web server component on Windows NT. The PoC shows how an attacker can inject arbitrary script code via the 'action' parameter in a URL, which executes in the context of an authenticated user's browser.
Description
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Cisco Secure ACS web server component on Windows NT. The PoC shows how an attacker can inject arbitrary script code via the 'action' parameter in a URL, which executes in the context of an authenticated user's browser.