Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0938

4 documents4 sources
Severity
7.5HIGH
EPSS
3.1%
top 13.18%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Cisco Secure Access Control Server
Timeline
PublishedOct 4
Latest updateApr 30

Description

Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-pxmc-42c3-4rvr: Cross-site scripting vulnerability in CiscoSecure ACS 32022-04-30
CVEList
CVE-2002-0938: Cross-site scripting vulnerability in CiscoSecure ACS 32003-04-02

💥Exploits & PoCs

1
Exploit-DB
Cisco Secure ACS for Windows NT 3.0 - Cross-Site Scripting2002-06-14
CVE-2002-0938 (HIGH CVSS 7.5) | Cross-site scripting vulnerability | cvebase.io