CVE-2015-0698

Name of the Vulnerable Software and Affected Versions Cisco Web Security Appliance (WSA) versions 8.5.0-497

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in filter search forms on admin web pages. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via a crafted URL.

Recommendations For version 8.5.0-497, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the admin web pages to minimize the risk of exploitation. Avoid using the vulnerable filter search forms in the admin web pages until the issue is resolved.