CVE-2015-6346

Name of the Vulnerable Software and Affected Versions Cisco Secure Access Control Server versions 5.7(0.15)

Description The issue exists due to insufficient protection of the web page structure, allowing for the injection of arbitrary web script or HTML code. This can be exploited by a remote attacker to inject malicious code via a crafted URL, specifically through cross-site scripting (XSS).

Recommendations For version 5.7(0.15), consider restricting access to vulnerable URL endpoints until a patch is available. As a temporary workaround, avoid using crafted URLs that could exploit the XSS vulnerability in the affected version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.