CVE-2016-6436
Severity Score
6.1
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682.
Vulnerabilidad de XSS en HostScan Engine 3.0.08062 hasta la versión 3.1.14018 en el paquete Cisco Host Scan, tal como se utiliza en ASA Web VPN, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, vulnerabilidad también conocida como Bug ID CSCuz14682.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-07-26 CVE Reserved
- 2016-10-06 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/93407 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-chs | 2016-11-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.0.08062 Search vendor "Cisco" for product "Hostscan Engine" and version "3.0.08062" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.0.08066 Search vendor "Cisco" for product "Hostscan Engine" and version "3.0.08066" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.01065 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.01065" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.02016 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.02016" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.02026 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.02026" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.02040 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.02040" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.02043 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.02043" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.03103 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.03103" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.03104 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.03104" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.04060 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.04060" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.04063 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.04063" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.04075 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.04075" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.04082 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.04082" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.05152 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.05152" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.05160 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.05160" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.05163 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.05163" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.05170 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.05170" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.05178 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.05178" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.05182 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.05182" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.05183 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.05183" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.06073 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.06073" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Hostscan Engine Search vendor "Cisco" for product "Hostscan Engine" | 3.1.14018 Search vendor "Cisco" for product "Hostscan Engine" and version "3.1.14018" | - |
Affected
| ||||||