Lucene search
HistoryFeb 03, 2015 - 10:59 p.m.
CVE-2014-8021
cve-2014-8021
cross-site scripting
xss vulnerability
cisco anyconnect
secure mobility client
cisco hostscan engine
remote attackers
web script
html
bug ids
cscup82990
cscuq80149
nvd
5.7 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
60.0%
Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149.
Affected configurations
Node
ciscohostscan_engineRange≤3.1\(.05183\)
Node
ciscoanyconnect_secure_mobility_clientRange≤3.1\(.02043\)
| CPE | Name | Operator | Version |
|---|---|---|---|
| cisco:hostscan_engine | cisco hostscan engine | le | 3.1\(.05183\) |
Related
prion
prion
Cross site scripting
2015-02-03 22:59:00
cisco
cisco
cvelist
cvelist
CVE-2014-8021
2015-02-03 22:00:00
nvd
nvd
CVE-2014-8021
2015-02-03 22:59:01
nessus
nessus
Cisco AnyConnect Secure Mobility Client < 3.1(6068) XSS
2015-03-06 00:00:00
5.7 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
60.0%
Related for CVE-2014-8021