CVE-2016-6436
https://notcve.org/view.php?id=CVE-2016-6436
Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682. Vulnerabilidad de XSS en HostScan Engine 3.0.08062 hasta la versión 3.1.14018 en el paquete Cisco Host Scan, tal como se utiliza en ASA Web VPN, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, vulnerabilidad también conocida como Bug ID CSCuz14682. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-chs http://www.securityfocus.com/bid/93407 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-8021
https://notcve.org/view.php?id=CVE-2014-8021
Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149. Vulnerabilidad de XSS en Cisco AnyConnect Secure Mobility Client 3.1(.02043) y anteriores y Cisco HostScan Engine 3.1(.05183) y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores involucrando una URL de ruta de applet, también conocido como Bug IDs CSCup82990 y CSCuq80149. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8021 http://tools.cisco.com/security/center/viewAlert.x?alertId=37323 http://www.securityfocus.com/bid/72475 https://exchange.xforce.ibmcloud.com/vulnerabilities/100666 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •