3 matches found
CVE-2020-3154
Cisco Cloud Web Security (CWS) web UI contains a SQL injection vulnerability. The web-based management interface improperly validates SQL values, allowing an authenticated, remote attacker to send malicious requests to an affected device and modify or return values from the underlying database. A...
CVE-2015-0674
CVE-2015-0674 is an XSS vulnerability in Cisco Cloud Web Security’s Alert Service (base revision). The issue arises from insufficient input validation, allowing remote attackers to inject arbitrary web script or HTML via unspecified parameters. The connected documents confirm Cisco Cloud Web Secu...
CVE-2015-0689
Cisco Cloud Web Security (CWS) prior to version 3.0.1.7 is affected by CVE-2015-0689. The root cause is improper handling of HTTP methods in the connector engine, which allows remote attackers to bypass the product’s filtering protection. The impact is bypass of the intended content filtering (no...