Cisco VPN3K/ASA WebVPN Clientless Mode Cross-Site Scripting Vulnerability

Cisco VPN3K/ASA WebVPN Clientless Mode Cross-Site Scripting Vulnerability

This issue can be exploited by enticing an authenticated VPN user to visit a URI that contains embedded HTML and script code. The URI will cause the malicious code to be rendered in the 'dnserror.html' or 'connecterror.html' error pages.