2 matches found
CVE-2009-1220
Cross-site scripting XSS vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances ASA 5520 with software 7.2430 and earlier 7.2 versions including 7.2222, and 8.0428 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject...
CVE-2009-1220
Cisco ASA WebVPN Cross-Site Scripting (CVE-2009-1220) affects WebVPN clientless mode on ASA 5520 with software 7.2(4)30 and older 7.2x and 8.0x (e.g., 8.0(4)28 and earlier). Root cause: improper input validation in index.html allows injecting script via the Host HTTP header, enabling remote XSS. ...