Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2009-06-25 10:30
Updated : 2018-10-10 12:35
NVD link : CVE-2009-1201
Mitre link : CVE-2009-1201
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
cisco
- adaptive_security_appliance