CVE-2006-3101 Information

Description

Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error (2) SSL and (3) Ok parameters.

Reference

http://secunia.com/advisories/20699 http://securityreason.com/securityalert/1116 http://securitytracker.com/id?1016317 http://www.cisco.com/en/US/products/sw/secursw/ps4911/tsd_products_security_response09186a00806b8bdb.html http://www.osvdb.org/26531 http://www.securityfocus.com/archive/1/437441/100/0/threaded http://www.securityfocus.com/archive/1/437480/100/0/threaded http://www.securityfocus.com/bid/18449 http://www.vupen.com/english/advisories/2006/2384 https://exchange.xforce.ibmcloud.com/vulnerabilities/27166