Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0533


Vulnerability Score 4.3 4.3
CVE Id CVE-2008-0533
Last Modified 07 Mar 2011 10:04:51
Published 14 Mar 2008 04:44:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.

Vulnerable Systems


  • Cisco Acs For Windows

  • Cisco Acs Solution Engine

  • Cisco User Changeable Password 4.1


CISCO - 20080312 Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities

SECUNIA - 29351

XF - cisco-acs-ucp-csusercgi-xss(41156)

VUPEN - ADV-2008-0868

BID - 28222

BUGTRAQ - 20080312 Cisco ACS UCP Remote Pre-Authentication Buffer Overflows


SECTRACK - 1019607

SREASON - 3743

Last Updated: 27 May 2016 10:46:50