Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-3101. PoCs published by Thomas Liam Romanis.
AI-analyzed exploit summary
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Cisco Secure ACS by injecting arbitrary JavaScript code via the 'error' parameter in a POST request to LogonProxy.cgi. The vulnerability arises from insufficient input sanitization, allowing script execution in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters.