CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0698
https://notcve.org/view.php?id=CVE-2015-0698
15 Apr 2015 — Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213. Múltiples vulnerabilidades de XSS en formularios de búsqueda de filtros en páginas web de administración en dispositivos Cisco Web Security Appliance (WSA) con software 8.5.0-497 permite a atacantes remotos inyectar secuencias de comandos web o... • http://tools.cisco.com/security/center/viewAlert.x?alertId=38351 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0692
https://notcve.org/view.php?id=CVE-2015-0692
11 Apr 2015 — Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via crafted serialized objects, aka Bug ID CSCut39230. Los dispositivos Cisco Web Security Appliance (WSA) con software 8.5.0-ise-147 no restringen correctamente el uso del módulo pickle Python durante ciertas comprobaciones del estado de túneles, lo que permite a usua... • http://tools.cisco.com/security/center/viewAlert.x?alertId=38305 • CWE-264: Permissions, Privileges, and Access Controls •