Bug Alert warns a cross-scripting vulnerability has been found in the CiscoSecure ACS, Cisco's RADIUS implementation. The flaw is in the Web administration component.
For now, it is recommended users to not expose the Web interface to the public Internet.
For more on the product, go to:
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/