CVE-2008-0533

Cisco Acs For Windows - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.

Exploits (1)

exploitdb WRITEUP VERIFIED

by felix · textremotewindows

https://www.exploit-db.com/exploits/31395

View Code ZIP pw:eip

References (9)

[Patch, Vendor Advisory] http://secunia.com/advisories/29351

[Patch] http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml

[Various Sources] http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt

[Exploit] http://www.securityfocus.com/bid/28222

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/489463/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41156

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1019607

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/0868

[Third Party Advisory] http://securityreason.com/securityalert/3743

Scores

EPSS 0.0434

EPSS Percentile 88.8%

Classification

CWE

CWE-79

Status draft

Affected Products (3)

cisco/acs_for_windows

cisco/acs_solution_engine

cisco/user_changeable_password

Timeline

Published Mar 14, 2008

Tracked Since Feb 18, 2026