WEB APPLICATION VULNERABILITIES Standard & Premium

Cisco Adaptive Security Appliance (ASA) XSS (CVE-2020-3580)

Description

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device.

Remediation

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

References

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities

Related Vulnerabilities

WordPress Plugin Zendesk Chat Cross-Site Scripting (1.2.5)

WordPress Plugin WP Photo Album 'id' Parameter Cross-Site Scripting (1.5.1)

WordPress Plugin Catchers Helpdesk and Ticket system for Support Cross-Site Scripting (2.6.7)

Joomla! Core 3.x.x Multiple Cross-Site Scripting Vulnerabilities (3.0.0 - 3.8.7)

WordPress Plugin Word Balloon Cross-Site Scripting (4.19.2)

Severity

Medium

Classification

CVE-2020-3580 CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Tags

XSS