Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8021


Vulnerability Score 4.3 4.3
CVE Id CVE-2014-8021
Last Modified 17 Feb 2015 11:50:19
Published 03 Feb 2015 05:59:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149.

Vulnerable Systems


  • Cisco Anyconnect Secure Mobility Client 3.1%28.02043%29

  • Cisco Anyconnect Secure Mobility Client 3.1.02043

  • Cisco Hostscan Engine 3.1%28.05183%29

  • Cisco Hostscan Engine 3.1.05183



CISCO - 20150202 Cisco AnyConnect and Cisco Host Scan Web Launch Cross-Site Scripting Vulnerability

BID - 72475

Last Updated: 27 May 2016 11:07:49