Cisco · Cisco Secure Access Control Server · CVE-2011-3317
**Name of the Vulnerable Software and Affected Versions**
Cisco Secure Access Control Server (ACS) version 5.2
**Description**
The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine of Cisco Secure Access Control Server (ACS). These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
**Recommendations**
For Cisco Secure Access Control Server (ACS) version 5.2, update to a version that includes the fix for Bug ID CSCtr78192 to resolve the issue. As a temporary workaround, consider restricting access to the Solution Engine to minimize the risk of exploitation.