CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 0CVE-2017-6749
https://notcve.org/view.php?id=CVE-2017-6749
25 Jul 2017 — A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88865. Known Affected Releases: 10.1.0-204. Una vulnerabilidad en la interfaz de administración basada en web de Web Security Applian... • http://www.securityfocus.com/bid/99875 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2017-6750
https://notcve.org/view.php?id=CVE-2017-6750
25 Jul 2017 — A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270. • http://www.securityfocus.com/bid/99924 • CWE-1188: Initialization of a Resource with an Insecure Default •