{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2014-03-18T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2015-05-04T16:57:01.000Z","orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco"},"references":[{"name":"1029935","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1029935"},{"name":"20140318 Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability","tags":["vendor-advisory","x_refsource_CISCO"],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120"},{"name":"66290","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/66290"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2014-2120","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1029935","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1029935"},{"name":"20140318 Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability","refsource":"CISCO","url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120"},{"name":"66290","refsource":"BID","url":"http://www.securityfocus.com/bid/66290"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T10:05:59.771Z"},"title":"CVE Program Container","references":[{"name":"1029935","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1029935"},{"name":"20140318 Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability","tags":["vendor-advisory","x_refsource_CISCO","x_transferred"],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120"},{"name":"66290","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/66290"}]},{"metrics":[{"cvssV3_1":{"scope":"CHANGED","version":"3.1","baseScore":5.4,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","integrityImpact":"LOW","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"LOW"}},{"other":{"type":"kev","content":{"dateAdded":"2024-11-12","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-2120"}}},{"other":{"type":"ssvc","content":{"id":"CVE-2014-2120","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-08-20T03:56:10.566308Z"}}}],"affected":[{"cpes":["cpe:2.3:a:cisco:adaptive_security_appliance_software:-:*:*:*:*:*:*:*"],"vendor":"cisco","product":"adaptive_security_appliance_software","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-2120","tags":["government-resource"]}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-79","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}],"timeline":[{"time":"2024-11-12T00:00:00.000Z","lang":"en","value":"CVE-2014-2120 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-22T00:05:38.543Z"}}]},"cveMetadata":{"assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","assignerShortName":"cisco","cveId":"CVE-2014-2120","datePublished":"2014-03-19T01:00:00.000Z","dateReserved":"2014-02-25T00:00:00.000Z","dateUpdated":"2025-10-22T00:05:38.543Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}