Multiple Cross-Site Request Forgery and "Stored XSS" Vulnerabilities in Cisco ACS

2011-07-19T00:00:00
ID PT-2011-26
Type ptsecurity
Reporter Positive Technologies
Modified 2012-02-20T00:00:00

Description

PT-2011-26: Multiple Cross-Site Request Forgery and "Stored XSS" Vulnerabilities in Cisco ACS

Fix date:

                    February 13, 2012

Vector: Remote

Systems affected: Cisco Secure ACS 5.x

Vendor: Cisco

Notification status: 19.07.2011 - Vendor is notified 19.07.2011 - Vendor gets vulnerability details 13.02.2012 - Vendor releases fixed version and details 20.02.2012 - Public disclosure