CVE-2021-1444 – Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software Web Services Interface Cross-Site Scripting Vulnerability

https://notcve.org/view.php?id=CVE-2021-1444

18 Nov 2024 — A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a craf... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-webui-gQLSFyPM • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •