CVE-2014-8021

Name of the Vulnerable Software and Affected Versions Cisco AnyConnect Secure Mobility Client version 3.1(.02043) and earlier Cisco HostScan Engine version 3.1(.05183) and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL.

Recommendations For Cisco AnyConnect Secure Mobility Client version 3.1(.02043) and earlier, update to a version later than 3.1(.02043) to resolve the issue. For Cisco HostScan Engine version 3.1(.05183) and earlier, update to a version later than 3.1(.05183) to resolve the issue. As a temporary workaround, consider restricting access to the applet-path URL to minimize the risk of exploitation.