CVE-2009-1201

Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:cisco:adaptive_security_appliance:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:adaptive_security_appliance:8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:adaptive_security_appliance:8.0\(4\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*

Information

Published : 2009-06-25 10:30

Updated : 2018-10-10 12:35


NVD link : CVE-2009-1201

Mitre link : CVE-2009-1201


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

cisco

  • adaptive_security_appliance