Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and previous versions, and Content Security Management Appliance (SMA) 8.3 and previous versions allows remote malicious users to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco ironport_asyncos |
||
cisco web_security_appliance - |
||
cisco content_security_management_appliance - |
||
cisco ironport_asyncos 8.0 |
||
cisco email_security_appliance_firmware - |