Vulnerability Details CVE-2021-1271
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.1%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
Products affected by CVE-2021-1271
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.0.0
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.0
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.1.1
-
cpe:2.3:a:cisco:web_security_virtual_appliance:10.5.1
-
cpe:2.3:a:cisco:web_security_virtual_appliance:11.0.0
-
cpe:2.3:a:cisco:web_security_virtual_appliance:7.1.0
-
cpe:2.3:a:cisco:web_security_virtual_appliance:7.1.1
-
cpe:2.3:a:cisco:web_security_virtual_appliance:7.1.2
-
cpe:2.3:a:cisco:web_security_virtual_appliance:7.1.3
-
cpe:2.3:a:cisco:web_security_virtual_appliance:7.1.4
-
cpe:2.3:a:cisco:web_security_virtual_appliance:7.5.0
-
cpe:2.3:a:cisco:web_security_virtual_appliance:7.5.1
-
cpe:2.3:a:cisco:web_security_virtual_appliance:7.7
-
cpe:2.3:a:cisco:web_security_virtual_appliance:7.7.5
-
cpe:2.3:a:cisco:web_security_virtual_appliance:8.0.5
-
cpe:2.3:a:cisco:web_security_virtual_appliance:8.5.0
-
cpe:2.3:a:cisco:web_security_virtual_appliance:8.5.1
-
cpe:2.3:a:cisco:web_security_virtual_appliance:8.6.0
-
cpe:2.3:a:cisco:web_security_virtual_appliance:8.7.0
-
cpe:2.3:a:cisco:web_security_virtual_appliance:9.0.0