Unrated severityNVD Advisory· Published Jun 25, 2009· Updated Jun 16, 2026
CVE-2009-1201
CVE-2009-1201
Description
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:cisco:adaptive_security_appliance:8.0\(4\):*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:cisco:adaptive_security_appliance:8.0\(4\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:adaptive_security_appliance:8.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:adaptive_security_appliance:8.2.1:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*
- Range: 8.0(4), 8.1.2, 8.2.1
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.