https://www.exploit-db.com/exploits/21555
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200210-112

CiscoSecureACS是一款由CISCO分发和维护的访问控制和计帐系统。CiscoSecureACSWEB服务程序对通过用户提交给”action”的参数缺少正确的过滤，远程攻击者可以利用此漏洞进行跨站脚本执行攻击。CiscoSecureACS包含WEB组件，其中setup.exe程序对用户提交给”action”参数的数据缺少正确输入验证，攻击者可以提交包含恶意脚本代码的数据给”action”参数，当用户浏览这样的链接时，包含在链接中的恶意代码就会在用户浏览器上执行，导致用户基于Cookie认证的信息泄露。此漏洞很明显需要认证用户才能利用，漏洞存在于MicrosoftWindowsNT操作系统下的CiscoSecureACS版本。

source: http://www.securityfocus.com/bid/5026/info

Cisco Secure ACS is an access control and accounting server system. It is distributed and maintained by Cisco, and in this vulnerability affects implementations on the Microsoft Windows NT platform.

It has been discovered that the web server component of the Cisco Secure ACS package allows an attacker to execute cross-site scripting attacks. When this link is visited, the attacker-supplied HTML or script code could be executed in the browser of a user, provided the user has authenticated to the Secure ACS server. 

http://example.com:dyn_port/setup.exe?action=<script>alert('foo+bar')</script>&page=list_users&user=P*

来源:BID
名称:5026
链接:http://www.securityfocus.com/bid/5026
来源:XF
名称:ciscosecure-web-css(9353)
链接:http://www.iss.net/security_center/static/9353.php
来源:BUGTRAQ
名称:20020621Re:XSSinCiscoSecureACSv3.0
链接:http://online.securityfocus.com/archive/1/278222
来源:BUGTRAQ
名称:20020614XSSinCiscoSecureACSv3.0
链接:http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html