CVE-2015-0729

Name of the Vulnerable Software and Affected Versions Cisco Secure Access Control Server Solution Engine (ACSE) version 5.5(0.1)

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack.

Recommendations For version 5.5(0.1), consider restricting access to sensitive web pages to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using file-inclusion features in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.