CVE-2016-6436 — Cross-site Scripting in Cisco Hostscan Engine

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 51.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Hostscan Engine

Timeline

PublishedOct 6

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDcisco/hostscan_engine22 versions+21

🔴Vulnerability Details

GHSA

GHSA-cj29-8hcg-f8p3: Cross-site scripting (XSS) vulnerability in HostScan Engine 3↗2022-05-17

▶

CVEList

CVE-2016-6436: Cross-site scripting (XSS) vulnerability in HostScan Engine 3↗2016-10-06

▶

📋Vendor Advisories

Cisco

Cisco Host Scan Package Cross-Site Scripting Vulnerability↗2016-10-05

▶