Vulnerabilities > Cisco > WEB Security Virtual Appliance > 10.5.1

DATE CVE VULNERABILITY TITLE RISK
2021-01-20 CVE-2021-1271 Unspecified vulnerability in Cisco web Security Virtual Appliance
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.
network
low complexity
cisco
4.8
4.8
2017-07-25 CVE-2017-6750 Insecure Default Initialization of Resource vulnerability in Cisco products
A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability.
network
low complexity
cisco CWE-1188
7.5
7.5
2017-07-25 CVE-2017-6749 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
5.4
5.4
2017-07-25 CVE-2017-6748 Injection vulnerability in Cisco products
A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root.
local
low complexity
cisco CWE-74
6.7
6.7