Cisco AnyConnect Secure Mobility Client < 3.1(6068) XSS
Medium Nessus Plugin ID 81671
SynopsisThe remote host is affected by a cross-site scripting vulnerability.
DescriptionThe remote host has a version of Cisco AnyConnect installed that is prior to version 3.1.6073.0. It is, therefore, affected by a cross-site scripting vulnerability due to improper validation of user-supplied input when building a path for an applet in a Document Object Model. An attacker can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
SolutionUpgrade to Cisco AnyConnect Secure Mobility Client 3.1(6068) or later.