5 matches found
CVE-2015-6349
Cross-site scripting XSS vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server ACS 5.70.15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2015-6345
SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server ACS 5.70.15 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700...
Cross site scripting
Cross-site scripting XSS vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server ACS 5.70.15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2015-6349
Cross-site scripting XSS vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server ACS 5.70.15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2015-6345
CVE-2015-6345 affects Cisco Secure ACS 5.7(0.15) with the Solution Engine. Root cause: lack of input validation in SQL queries, enabling a remote authenticated attacker to run arbitrary SQL commands via a crafted URL. Impact: partial confidentiality, integrity, and availability. Cisco has publish...