CVE-2016-6436

Published: Oct 6, 2016Modified: May 6, 2026

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682.

Affected (22)

Products: Cisco: Hostscan Engine

Cisco

1 product

Hostscan Engine

Configuration A

22 vulnerable

Vulnerable Software	Affected Versions
Cisco Hostscan Engine	Version 3.0.08062
Cisco Hostscan Engine	Version 3.0.08066
Cisco Hostscan Engine	Version 3.1.01065
Cisco Hostscan Engine	Version 3.1.02016
Cisco Hostscan Engine	Version 3.1.02026
Cisco Hostscan Engine	Version 3.1.02040
Cisco Hostscan Engine	Version 3.1.02043
Cisco Hostscan Engine	Version 3.1.03103
Cisco Hostscan Engine	Version 3.1.03104
Cisco Hostscan Engine	Version 3.1.04060
Cisco Hostscan Engine	Version 3.1.04063
Cisco Hostscan Engine	Version 3.1.04075
Cisco Hostscan Engine	Version 3.1.04082
Cisco Hostscan Engine	Version 3.1.05152
Cisco Hostscan Engine	Version 3.1.05160
Cisco Hostscan Engine	Version 3.1.05163
Cisco Hostscan Engine	Version 3.1.05170
Cisco Hostscan Engine	Version 3.1.05178
Cisco Hostscan Engine	Version 3.1.05182
Cisco Hostscan Engine	Version 3.1.05183
Cisco Hostscan Engine	Version 3.1.06073
Cisco Hostscan Engine	Version 3.1.14018

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-chs

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/93407

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-chs

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/93407

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.