Lucene search

CiscoCVELIST:CVE-2022-20781

HistoryApr 06, 2022 - 6:12 p.m.

CVE-2022-20781 Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability

2022-04-0618:12:02

CWE-79

cisco

www.cve.org

cisco

web security appliance

stored cross-site scripting

vulnerability

asyncos software

remote attacker

user-supplied input

exploit

arbitrary script code

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

29.2%

JSON

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.

CNA Affected

[
  {
    "product": "Cisco Web Security Appliance (WSA)",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-stored-xss-XPsJghMY