This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.
The remote web server hosts a CGI script that is affected by multiple
cross-site scripting vulnerabilities.
Multiple cross-site scripting (XSS) vulnerabilities exist in the
'securecgi-bin/CSuserCGI.exe' CGI included with User-Changeable
Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS)
for Windows and ACS Solution Engine.
A remote attacker may be able to leverage these vulnerabilities to
argument located immediately after the Help argument, and possibly
unspecified other vectors.
See also :
Upgrade to UCP Version 4.2 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true