TITLE:
Cisco Guard "meta-refresh" Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA21962

VERIFY ADVISORY:
http://secunia.com/advisories/21962/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

OPERATING SYSTEM:
Cisco Guard 3.x
http://secunia.com/product/4387/
Cisco Guard 4.x
http://secunia.com/product/8096/
Cisco Guard 5.x
http://secunia.com/product/8097/

DESCRIPTION:
A vulnerability has been reported in Cisco Guard, which can be
exploited by malicious people to conduct cross-site scripting
attacks.

The vulnerability is caused by insufficient filtering of a
meta-refresh before it is returned to a user. If Cisco Guard is
running in active basic protection, going through basic/redirect
protection, this can be exploited to execute HTML and script code in
a user's browser session by e.g. tricking a user into following a
specially crafted URL.

The vulnerability affects the following products:
- Cisco Guard Appliance version 3.X
- Cisco Guard Blade version 4.X
- Cisco Guard Appliance versions 5.0(3) and 5.1(5)

SOLUTION:
Update to version 5.1(6) or later.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20060920-guardxss.shtml

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
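The class of bug described above, shown as an added example that is not Cisco's code or part of the advisory: a redirect page that copies a request-supplied URL into a meta-refresh tag, next to a hardened version. It assumes the reflected value is the requested URL; the function names, the allow-list and the sample URLs are hypothetical and constructed for illustration.

```python
import html
from urllib.parse import urlsplit


class RejectedTarget(ValueError):
    """Raised when a redirect target must not be reflected to the browser."""


def unsafe_refresh_page(target: str) -> str:
    # Vulnerable pattern: the URL lands inside the attribute unescaped, so a
    # double quote in it ends the attribute and the rest is parsed as markup.
    return ('<html><head><meta http-equiv="refresh" '
            f'content="0; url={target}"></head></html>')


def safe_refresh_page(target: str, allowed_hosts: set) -> str:
    # 1. Refuse control characters (CR/LF, NUL, ...) before any parsing.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        raise RejectedTarget("control character in target")
    # 2. Only absolute http(s) URLs; blocks javascript:, data:, etc.
    try:
        parts = urlsplit(target)
    except ValueError as exc:
        raise RejectedTarget("unparseable target") from exc
    if parts.scheme not in ("http", "https"):
        raise RejectedTarget("scheme not allowed")
    # 3. Only redirect back to hosts this device protects (assumed list).
    if parts.hostname not in allowed_hosts:
        raise RejectedTarget("host not allowed")
    # 4. Encode for the HTML attribute context: & < > " ' are all escaped.
    escaped = html.escape(target, quote=True)
    return ('<html><head><meta http-equiv="refresh" '
            f'content="0; url={escaped}"></head></html>')


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    hosts = {"protected.example"}
    crafted = 'http://protected.example/"><script>alert(1)</script>'
    print(unsafe_refresh_page(crafted))       # markup breaks out of the tag
    print(safe_refresh_page(crafted, hosts))  # same URL stays inert text
```
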