Vulnerability Description
Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Hostscan Engine | <= 3.1\(.05183\) |
| Cisco | Anyconnect Secure Mobility Client | <= 3.1\(.02043\) |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8021Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=37323Vendor Advisory
- http://www.securityfocus.com/bid/72475
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100666
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8021Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=37323Vendor Advisory
- http://www.securityfocus.com/bid/72475
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100666
FAQ
What is CVE-2014-8021?
CVE-2014-8021 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrar...
How severe is CVE-2014-8021?
CVE-2014-8021 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8021?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Hostscan Engine, Cisco Anyconnect Secure Mobility Client.