{"api_version":"1","generated_at":"2026-04-23T13:50:29+00:00","cve":"CVE-2015-6349","urls":{"html":"https://cve.report/CVE-2015-6349","api":"https://cve.report/api/cve/CVE-2015-6349.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-6349","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-6349"},"summary":{"title":"CVE-2015-6349","description":"Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.","state":"PUBLIC","assigner":"psirt@cisco.com","published_at":"2015-10-30 10:59:00","updated_at":"2016-12-07 18:19:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://www.securitytracker.com/id/1033968","name":"1033968","refsource":"SECTRACK","tags":[],"title":"Cisco Secure Access Control Server Input Validation Flaw Lets Remote Conduct Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss1","name":"20151026 Cisco Secure Access Control Server Reflective Cross-Site Scripting Vulnerability","refsource":"CISCO","tags":["Vendor Advisory"],"title":"Cisco Secure Access Control Server Reflective Cross-Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-6349","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-6349","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"6349","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"secure_access_control_server","cpe6":"5.7.0.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"6349","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"secure_access_control_server","cpe6":"5.7.0.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2015-6349","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20151026 Cisco Secure Access Control Server Reflective Cross-Site Scripting Vulnerability","refsource":"CISCO","url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss1"},{"name":"1033968","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1033968"}]}},"nvd":{"publishedDate":"2015-10-30 10:59:00","lastModifiedDate":"2016-12-07 18:19:00","problem_types":["CWE-79"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:secure_access_control_server:5.7.0.15:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"6349","Ordinal":"83350","Title":"CVE-2015-6349","CVE":"CVE-2015-6349","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"6349","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"6349","Ordinal":"2","NoteData":"2015-10-30","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"6349","Ordinal":"3","NoteData":"2016-12-05","Type":"Other","Title":"Modified"}]}}}