CVE-2006-3101

Published: Jun 21, 2006Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters.

Affected (1)

Products: Cisco: Secure Access Control Server

Cisco

1 product

Secure Access Control Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Secure Access Control Server	Version 2.3

References (20)

http://secunia.com/advisories/20699

Source: cve@mitre.org

PatchVendor Advisory

http://securityreason.com/securityalert/1116

Source: cve@mitre.org

http://securitytracker.com/id?1016317

Source: cve@mitre.org

ExploitPatch

http://www.cisco.com/en/US/products/sw/secursw/ps4911/tsd_products_security_response09186a00806b8bdb.html

Source: cve@mitre.org

Patch

http://www.osvdb.org/26531

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/437441/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/437480/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/18449

Source: cve@mitre.org

ExploitPatch

http://www.vupen.com/english/advisories/2006/2384

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/27166

Source: cve@mitre.org

http://secunia.com/advisories/20699