Lucene search
K

13 matches found

Hacker One
Hacker One
added 2022/06/18 7:23 p.m.34 views

U.S. Dept Of Defense: XSS DUE TO CVE-2020-3580

Hello Team, During my research, I found multiple hosts to be vulnerable to Cisco ASA XSS CVE-2020-3580, This vulnerability targets the saml service within the VPN. It is triggered via a POST request to domain/+CSCOE+/saml/sp/acs?tgname=a References...

2.6CVSS0.9AI score0.85439EPSS
Exploits2
VulnCheck KEV
VulnCheck KEV
added 2021/11/03 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-3580

Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful exploitation could allow an attacker to perform cross-site scripting XSS in the context of the...

6.1CVSS6.8AI score0.85439EPSS
Exploits2References1
Hacker One
Hacker One
added 2021/07/25 8:33 p.m.87 views

U.S. Dept Of Defense: XSS due to CVE-2020-3580 [██████]

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the web services interface of an...

2.6CVSS1.5AI score0.85439EPSS
Exploits2
Hacker One
Hacker One
added 2021/07/25 8:32 p.m.398 views

U.S. Dept Of Defense: XSS due to CVE-2020-3580 [███]

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the web services interface of an...

2.6CVSS1.5AI score0.85439EPSS
Exploits2
Hacker One
Hacker One
added 2021/07/25 8:31 p.m.135 views

U.S. Dept Of Defense: XSS due to CVE-2020-3580 [███.mil]

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the web services interface of an...

2.6CVSS1.7AI score0.85439EPSS
Exploits2
Check Point Advisories
Check Point Advisories
added 2021/07/15 12:0 a.m.13 views

Cisco Adaptive Security Appliance Cross Site Scripting (CVE-2020-3580)

A cross site scripting vulnerability exists in Cisco Adaptive Security Appliance. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

2.6CVSS5.5AI score0.85439EPSS
Exploits2
Hacker One
Hacker One
added 2021/06/30 1:7 a.m.21 views

MTN Group: Reflected Cross Site Scripting Cisco ASA on myvpn.mtncameroon.net CVE-2020-3580

The Cisco ASA Adaptive Security Appliance and Cisco Firepower Threat Defense FTD Software were found to contain vulnerabilities in their web services interface. These vulnerabilities could have allowed an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user ...

6.1CVSS6.5AI score0.85439EPSS
Exploits2
The Hacker News
The Hacker News
added 2021/06/28 6:39 a.m.626 views

Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online

A security vulnerability in Cisco Adaptive Security Appliance ASA that was addressed by the company last October, and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept PoC exploit code. The PoC was published by researchers from...

7.5CVSS1.6AI score0.99992EPSS
Exploits26
Hacker One
Hacker One
added 2021/06/26 11:42 a.m.65 views

U.S. Dept Of Defense: XSS DUE TO CVE-2020-3580

Hello Team, During my research, I found the following host to be vulnerable to CVE 2020-3580 which is POST BASED XSS. Vulnerable URL: https://████/+CSCOE+/saml/sp/acs?tgname=a Impact Attackers can steal cookies and even takeover accounts and perform different malicious activities. System Hosts ██...

2.6CVSS1.6AI score0.85439EPSS
Exploits2
Hacker One
Hacker One
added 2021/06/26 11:36 a.m.81 views

U.S. Dept Of Defense: XSS DUE TO CVE-2020-3580

Hello Team, During my research, I found the following host to be vulnerable to CVE 2020-3580 which is POST BASED XSS. Vulnerable URL: https://█████/+CSCOE+/saml/sp/acs?tgname=a Impact Attackers can steal cookies and even takeover accounts and perform different malicious activities. System Hosts █...

2.6CVSS1.6AI score0.85439EPSS
Exploits2
Hacker One
Hacker One
added 2021/06/24 9:34 p.m.306 views

U.S. Dept Of Defense: ███████ - XSS - CVE-2020-3580

████ appears to be affected by the Cisco ASA XSS CVE-2020-3580, This vulnerablity is targets the saml service within the VPN. It is triggered via a POST request to /+CSCOE+/saml/sp/acs?tgname=a References...

2.6CVSS1.2AI score0.85439EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2021/06/24 12:0 a.m.68 views

Cisco Firepower Threat Defense Software Web Services Interface Multiple Vulnerabilities (cisco-sa-asaftd-xss-multiple-FCB3vPZe)

According to its self-reported version, Cisco Firepower Threat Defense Software is affected by multiple vulnerabilities. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...

6.1CVSS7AI score0.85439EPSS
Exploits2References10
CVE
CVE
added 2020/10/21 6:40 p.m.1201 views

CVE-2020-3580

Cisco ASA/FTD web services suffer XSS due to insufficient input validation in the web UI, allowing unauthenticated, remote attackers to induce script execution or access browser data via crafted links. Affected products include Cisco ASA and FTD with specific AnyConnect/WebVPN configurations. Imp...

6.1CVSS6.4AI score0.85439EPSS
In wildExploits2References2Affected Software1
Rows per page
Query Builder