Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cisco ASA设备WebVPN DOM Wrapper跨站脚本漏洞
Vulnerability Description
Cisco自适应安全设备(ASA)是可提供安全和VPN服务的模块化平台。 ASA的DOM wrapper中存在跨站脚本漏洞。/+CSCOL+/cte.js中的csco_wrap_js JavaScript函数调用了CSCO_WebVPN['process';]所引用的函数,之后在eval语句中使用了调用的结果: function csco_wrap_js(str) { var ret="<script id=CSCO_GHOST src="+CSCO_Gateway+ "/+CSCOL+/cte.js><
CVSS Information
N/A
Vulnerability Type
N/A