ID

VAR-201504-0278


CVE

CVE-2015-0698


TITLE

Cisco Web Security Appliance device software vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-002287

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213. The vendor has released this vulnerability as Bug ID CSCut39213. A third party may insert arbitrary web script or HTML through a skillfully crafted URL. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCut39213. Cisco Web Security Appliance 8.5.0-497 is vulnerable; other versions may also be affected. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. The vulnerability is caused by the program not adequately filtering user-submitted input.

Trust: 1.98

sources: NVD: CVE-2015-0698 // JVNDB: JVNDB-2015-002287 // BID: 74018 // VULHUB: VHN-78644

AFFECTED PRODUCTS

vendor: cisco, model: web security appliance, scope: lte, version: 8.5.0-497

Trust: 1.0

vendor: cisco, model: web security appliance, scope: eq, version: 8.5.0-497

Trust: 0.9

vendor: cisco, model: web security the appliance, scope: eq, version: 8.5.0-497

Trust: 0.8

sources: BID: 74018 // JVNDB: JVNDB-2015-002287 // CNNVD: CNNVD-201504-276 // NVD: CVE-2015-0698

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0698
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0698
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201504-276
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78644
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0698
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78644
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78644 // JVNDB: JVNDB-2015-002287 // CNNVD: CNNVD-201504-276 // NVD: CVE-2015-0698

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-78644 // JVNDB: JVNDB-2015-002287 // NVD: CVE-2015-0698

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-276

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201504-276

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002287

PATCH

title: 38351, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=38351

Trust: 0.8

sources: JVNDB: JVNDB-2015-002287

EXTERNAL IDS

db: NVD, id: CVE-2015-0698

Trust: 2.8

db: SECTRACK, id: 1032135

Trust: 1.1

db: JVNDB, id: JVNDB-2015-002287

Trust: 0.8

db: CNNVD, id: CNNVD-201504-276

Trust: 0.7

db: BID, id: 74018

Trust: 0.4

db: VULHUB, id: VHN-78644

Trust: 0.1

sources: VULHUB: VHN-78644 // BID: 74018 // JVNDB: JVNDB-2015-002287 // CNNVD: CNNVD-201504-276 // NVD: CVE-2015-0698

REFERENCES

url: http://tools.cisco.com/security/center/viewalert.x?alertid=38351

Trust: 2.0

url: http://www.securitytracker.com/id/1032135

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0698

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0698

Trust: 0.8

url: http://www.cisco.com/en/us/products/ps10164/index.html

Trust: 0.3

sources: VULHUB: VHN-78644 // BID: 74018 // JVNDB: JVNDB-2015-002287 // CNNVD: CNNVD-201504-276 // NVD: CVE-2015-0698

CREDITS

Cisco

Trust: 0.3

sources: BID: 74018

SOURCES

db: VULHUB, id: VHN-78644
db: BID, id: 74018
db: JVNDB, id: JVNDB-2015-002287
db: CNNVD, id: CNNVD-201504-276
db: NVD, id: CVE-2015-0698

LAST UPDATE DATE

2025-04-13T23:41:21.373000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-78644, date: 2017-01-06T00:00:00
db: BID, id: 74018, date: 2015-04-14T00:00:00
db: JVNDB, id: JVNDB-2015-002287, date: 2015-04-16T00:00:00
db: CNNVD, id: CNNVD-201504-276, date: 2015-04-16T00:00:00
db: NVD, id: CVE-2015-0698, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-78644, date: 2015-04-15T00:00:00
db: BID, id: 74018, date: 2015-04-14T00:00:00
db: JVNDB, id: JVNDB-2015-002287, date: 2015-04-16T00:00:00
db: CNNVD, id: CNNVD-201504-276, date: 2015-04-16T00:00:00
db: NVD, id: CVE-2015-0698, date: 2015-04-15T10:59:04.580