CVE-2008-0533
Cisco User-Changeable Password (UCP) 3.3.4.12.5 - 'CSUserCGI.exe' Help Facility Cross-Site Scripting
Public Exploits: 2
Exploited in Wild: -
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.
The Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application suffers from buffer overflow and cross site scripting vulnerabilities. Details provided.
SSVC
- Decision: -
Timeline
- 2008-01-31 CVE Reserved
- 2008-03-12 First Exploit
- 2008-03-13 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (10)
URL | Tag | Source |
---|---|---|
http://securityreason.com/securityalert/3743 | Third Party Advisory | |
http://securitytracker.com/id?1019607 | Vdb Entry | |
http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt | X_refsource_misc | |
http://www.securityfocus.com/archive/1/489463/100/0/threaded | Mailing List | |
http://www.vupen.com/english/advisories/2008/0868 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41156 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/31395 | 2008-03-12 | |
http://www.securityfocus.com/bid/28222 | 2024-08-07 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/29351 | 2018-10-15 | |
http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml | 2018-10-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Cisco | Acs For Windows | * | - | Affected |
Cisco | Acs Solution Engine | * | - | Affected |
Cisco | User Changeable Password | 4.1 | - | Affected |