CVE-2014-8021: XSS
First published: Tue Feb 03 2015(Updated: )
Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco HostScan Engine | <=3.1\(.05183\) | |
| Cisco AnyConnect | <=3.1\(.02043\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-8021?
CVE-2014-8021 is classified as a medium severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2014-8021?
To mitigate CVE-2014-8021, upgrade to the latest version of Cisco AnyConnect Secure Mobility Client or HostScan Engine that addresses this issue.
What software is affected by CVE-2014-8021?
CVE-2014-8021 affects Cisco AnyConnect Secure Mobility Client versions up to 3.1(.02043) and Cisco HostScan Engine versions up to 3.1(.05183).
Can CVE-2014-8021 lead to data theft?
Yes, CVE-2014-8021 can potentially allow remote attackers to inject harmful scripts that may lead to data theft.
Is there a workaround for CVE-2014-8021?
While upgrading is the best solution for CVE-2014-8021, employing strict input validation can serve as a temporary workaround.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco hostscan engine
- version/cisco hostscan engine/3.1\(.05183\)
- canonical/cisco anyconnect
- version/cisco anyconnect/3.1\(.02043\)