Update: Cisco Confirms Active Exploitation of Decade-Old WebVPN Vulnerability in ASA Software

According to Cisco’s updated advisory, the vulnerability arises from “insufficient input validation of a parameter,” enabling attackers to craft malicious links that, when accessed by a victim, execute arbitrary scripts in their browser.