Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability
A vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of WebVPN on the Cisco ASA. The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by convincing a user to access a malicious link. Security Impact Rating: Medium CVE: CVE-2014-2120http://news.poseidon-us.com/TGXm31