CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1271 – Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2021-1271
20 Jan 2021 — A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A suc... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-xss-RuB5WGqL • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2014-2137
https://notcve.org/view.php?id=CVE-2014-2137
02 Apr 2014 — CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002. Vulnerabilidad de inyección CRLF en el framework web en Cisco Web Security Appliance (WSA) 7.7 y anteriores permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de redirección a través de una URL manipulada, también conocido como Bug ID CSCuj61002... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2137 • CWE-20: Improper Input Validation •