CVE-2021-1271 MEDIUM

CVE-2021-1271: Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability

Vendor Cisco
Product Cisco Web Security Appliance (WSA)
Weakness CWE-79 · XSS
Published January 20, 2021
Last update November 12, 2024
View on NVD All CVEs

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.

Key dates

02Disclosure timeline

January 20, 2021 CVE published
November 12, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-2392 Blocksy Companion <= 2.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-10006 WPBakery Page Builder <= 8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-6687 Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode CVE-2025-23897 WordPress Apply with LinkedIn buttons plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability CVE-2025-62068 WordPress e2pdf plugin <= 1.28.09 - Cross Site Scripting (XSS) vulnerability