Total vulnerabilities in the database
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
| Software | From | Fixed in |
|---|---|---|
| cisco / adaptive_security_appliance | 8.0(4) | 8.0(4).x |
| cisco / adaptive_security_appliance | 8.1.2 | 8.1.2.x |
| cisco / adaptive_security_appliance | 8.2.1 | 8.2.1.x |
| cisco / adaptive_security_appliance | - | - |