CVE-2008-0533
Cisco ACS for Windows and ACS Solution Engine - Cross-Site Scripting via CSuserCGI.exe Help Argument
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-0533. PoCs published by felix.
AI-analyzed exploit summary The provided text describes multiple vulnerabilities in Cisco User-Changeable Password (UCP) prior to version 4.2, including XSS and buffer overflow issues. It includes a sample XSS payload but lacks executable exploit code.
Description
Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.
Exploits (1)
The provided text describes multiple vulnerabilities in Cisco User-Changeable Password (UCP) prior to version 4.2, including XSS and buffer overflow issues. It includes a sample XSS payload but lacks executable exploit code.