6.1
CVE-2016-6436
- EPSS 0.25%
- Published 06.10.2016 10:59:17
- Last modified 12.04.2025 10:46:40
- Source psirt@cisco.com
Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Hostscan Engine Version 3.0.08062
Cisco ≫ Hostscan Engine Version 3.0.08066
Cisco ≫ Hostscan Engine Version 3.1.01065
Cisco ≫ Hostscan Engine Version 3.1.02016
Cisco ≫ Hostscan Engine Version 3.1.02026
Cisco ≫ Hostscan Engine Version 3.1.02040
Cisco ≫ Hostscan Engine Version 3.1.02043
Cisco ≫ Hostscan Engine Version 3.1.03103
Cisco ≫ Hostscan Engine Version 3.1.03104
Cisco ≫ Hostscan Engine Version 3.1.04060
Cisco ≫ Hostscan Engine Version 3.1.04063
Cisco ≫ Hostscan Engine Version 3.1.04075
Cisco ≫ Hostscan Engine Version 3.1.04082
Cisco ≫ Hostscan Engine Version 3.1.05152
Cisco ≫ Hostscan Engine Version 3.1.05160
Cisco ≫ Hostscan Engine Version 3.1.05163
Cisco ≫ Hostscan Engine Version 3.1.05170
Cisco ≫ Hostscan Engine Version 3.1.05178
Cisco ≫ Hostscan Engine Version 3.1.05182
Cisco ≫ Hostscan Engine Version 3.1.05183
Cisco ≫ Hostscan Engine Version 3.1.06073
Cisco ≫ Hostscan Engine Version 3.1.14018
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.25% | 0.455 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.1 | 2.8 | 2.7 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.