There’s a reflected cross-site scripting vulnerability in a variety of Cisco security appliances that enables a remote, unauthenticated attacker to execute arbitrary code in the context of the user.