2 matches found
PT-2011-27: Multiple Vulnerabilities in Cisco ACS Web Interface
Positive Research Center has discovered multiple vulnerabilities in the Cisco ACS web interface. Cross-site scripting vulnerabilities are triggered when a specially crafted value is assigned to different variables in scripts, which allows one to manage device through Web-interface. This can be...
PT-2011-26: Multiple Cross-Site Request Forgery and "Stored XSS" Vulnerabilities in Cisco ACS
Positive Research Center has discovered multiple Cross-Site Request Forgery and "stored XSS" Vulnerabilities in Cisco ACS. Forms do not provide protection against CSRF attacks. One can create a spoofing web form and trick the Cisco ACS administrator into submitting it. If the administrator alread...