2 matches found
CVE-2009-1201
Eval injection vulnerability in the cscowrapjs function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances ASA device with software 8.04, 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting XSS attacks by setting CSCOWebVPN'process...
CVE-2009-1201
Cisco ASA Web VPN vulnerability CVE-2009-1201 affects ASA with Web VPN (clientless SSL VPN) on versions 8.0(4), 8.1.2, and 8.2.1. The issue lies in the csco_wrap_js function in /+CSCOL+/cte.js, which uses CSCO_WebVPN['process'] to compute html and then evals the result, allowing an attacker-contr...