CVE-2015-0698 β€” Cross-site Scripting in Cisco WEB Security Appliance

CWE-79 β€” Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 50.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco WEB Security Appliance
Timeline
PublishedApr 15
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-297g-9658-43jh: Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with softw↗2022-05-17
β–Ά
CVEList
CVE-2015-0698: Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with softw↗2015-04-15
β–Ά

πŸ“‹Vendor Advisories

1
Cisco
Cisco Web Security Appliance Cross-Site Scripting Vulnerability↗2015-04-14
β–Ά
CVE-2015-0698 β€” Cross-site Scripting in Cisco | cvebase