Cisco Web Security Appliance Cross-Site Scripting Vulnerability

2021-05-0516:00:00

tools.cisco.com

0.002 Low

EPSS

Percentile

51.5%

JSON

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.

This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to retrieve a crafted file that contains malicious payload and upload it to the affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-xss-mVjOWchB [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-xss-mVjOWchB”]

Affected configurations

Vulners

Node

ciscoweb_security_appliance_\(wsa\)Matchany

CPENameOperatorVersion
cisco web security appliance (wsa)eqany
cisco web security appliance (wsa)eqany

CPE	Name	Operator	Version
	cisco web security appliance (wsa)	eq	any
	cisco web security appliance (wsa)	eq	any

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-xss-mVjOWchB

0.002 Low

EPSS

Percentile

51.5%

JSON

Related for CISCO-SA-WSA-XSS-MVJOWCHB