CVE-2014-8021

CVE Database · CVE-2014-8021

CVE-2014-8021

· N/AModified

CVSS v3.1

N/A

EPSS

1.79%

Published

Feb 3, 2015

Modified

May 6, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149.

Weaknesses (CWE)

CWE-79

Affected Products (2)

cisco · hostscan_enginevulnerable

cisco · anyconnect_secure_mobility_clientvulnerable

References (8)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8021

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=37323

Vendor Advisory

http://www.securityfocus.com/bid/72475

https://exchange.xforce.ibmcloud.com/vulnerabilities/100666