Web Security Appliance@* Security Vulnerabilities and Issues — Web Security Appliance@* CVE List

Lucene search

CiscoWeb Security Appliance*

7 matches found

CVE•added 2023/03/01 8:15 a.m.•148 views

CVE-2023-20032

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. ...

9.8CVSS9.6AI score0.06217EPSS

CVE•added 2022/04/06 6:15 p.m.•114 views

CVE-2022-20784

A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This vulnerability is due to ...

5.8CVSS5.5AI score0.00527EPSS

CVE•added 2020/03/04 7:15 p.m.•84 views

CVE-2020-3164

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, re...

5.3CVSS5.3AI score0.00813EPSS

CVE•added 2020/09/23 1:15 a.m.•69 views

CVE-2019-15969

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of use...

6.1CVSS6.1AI score0.00153EPSS

CVE•added 2021/05/06 1:15 p.m.•58 views

CVE-2021-1490

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to improper v...

6.1CVSS5.5AI score0.00204EPSS

CVE•added 2018/01/18 6:29 a.m.•38 views

CVE-2018-0093

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due t...

6.1CVSS6AI score0.00332EPSS

CVE•added 2015/04/15 10:59 a.m.•32 views

CVE-2015-0698

Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213.

4.3CVSS5.9AI score0.00263EPSS