CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 0CVE-2017-6749
https://notcve.org/view.php?id=CVE-2017-6749
25 Jul 2017 — A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88865. Known Affected Releases: 10.1.0-204. Una vulnerabilidad en la interfaz de administración basada en web de Web Security Applian... • http://www.securityfocus.com/bid/99875 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-3827
https://notcve.org/view.php?id=CVE-2017-3827
22 Feb 2017 — A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, that are configured with message or content filters ... • http://www.securityfocus.com/bid/96239 • CWE-20: Improper Input Validation •