Lucene search
CiscoCVE-2014-8021HistoryFeb 03, 2015 - 10:59 p.m.
CVE-2014-8021
2015-02-0322:59:01
CWE-79
cisco
web.nvd.nist.gov
24
cve-2014-8021
cross-site scripting
xss vulnerability
cisco anyconnect
secure mobility client
cisco hostscan engine
remote attackers
web script
html
bug ids
cscup82990
cscuq80149
nvd
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.002
Percentile
60.1%
Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149.
Affected configurations
Node
ciscohostscan_engineRange≤3.1\(.05183\)
Node
ciscoanyconnect_secure_mobility_clientRange≤3.1\(.02043\)
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | hostscan_engine | * | cpe:2.3:a:cisco:hostscan_engine:*:*:*:*:*:*:*:* |
| cisco | anyconnect_secure_mobility_client | * | cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2014-8021
2015-02-03 22:00:00
prion
prion
Cross site scripting
2015-02-03 22:59:00
cisco
cisco
nvd
nvd
CVE-2014-8021
2015-02-03 22:59:01
nessus
nessus
Cisco AnyConnect Secure Mobility Client < 3.1(6068) XSS
2015-03-06 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.002
Percentile
60.1%
Related for CVE-2014-8021