Vendor: Cisco Systems
Vendor URL: www.cisco.com
Vendor Response: Vendor has been notified and has since addressed the issue in the latest software release.
Description:
A non-persistent XSS vulnerability is present within the AccessCodeStart.asp page. A
malicious user may leverage this to possibly gain access client information in captive
portal/hotspot locations using this software.
Example:
Patch Information:
Download BBSMPatch5332.zip
CVE: CVE-2008-2165
Credit:
Brad Antoniewicz
[email protected]