Preview Tool

Cisco Bug: CSCut39213 - XSS in filter forms on reporting pages

Last Modified

Feb 06, 2017

Products (1)

  • Cisco Web Security Appliance

Known Affected Releases


Description (partial)

A vulnerability in filter search forms of certain admin webpages of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote
attacker to perform a cross-site scripting (XSS) attack against the user of the web interface.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by convincing a user to visit a malicious
website. If successful, the attacker could conduct an XSS attack and execute arbitrary scripts in the user's browser session or gain access to
sensitive information.

Device configured with default configuration.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.