CVE-2018-0251: Cross-site Scripting in Cisco Adaptive Security Appliance Software

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.3% (top 48.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 19; latest update May 13

Description

A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of that portal on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of an affected device. An attacker could exploit this vulnerability by persua

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (1 package)

NVD: cisco/adaptive_security_appliance_software 9.8(2.15), 9.9(1) +1

🔴 Vulnerability Details (2)

GHSA (2022-05-13): GHSA-59wx-wx8g-cfcx: A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Ap
CVEList (2018-04-19): CVE-2018-0251: A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Ap

📋 Vendor Advisories (1)

Cisco (2018-04-18): Cisco Adaptive Security Appliance Clientless SSL VPN Cross-Site Scripting Vulnerability