Attackers rely on user interaction to exploit this vulnerability and must convince a user to follow a malicious link. Only users who have access to an affected web site could participate in an exploit. A successful exploit could allow the attacker to execute arbitrary script or HTML in the user's browser session in the security context of the affected site. Depending on the executed code, the attacker could access sensitive browser-based information or take actions as the user within the security context of the affected site.
Cisco Secure ACS utilizes UCP to allow users to change their own ACS passwords. The UCP application relays password changes to Secure ACS. An authorized user could connect to the UCP web interface to modify an account password. UCP is an optional component of Secure ACS that is not installed by default, and it may be installed on a separate system from Secure ACS.
The vendor scored this vulnerability to reflect the existence of publicly available functional exploit code; however, no public code is known to exist. Cross-site scripting vulnerabilities affect many web applications, and numerous proof-of-concept URLs demonstrate how they are exploited. An attacker with knowledge of the unsanitized parameters in the UCP application could likely craft URLs that execute script code in the user's browser session.