A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA) could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the malicious user to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco secure email gateway 14.0.1-053 |
||
cisco web security appliance 14.0.1-053 |
||
cisco secure email and web manager 14.0.1-053 |
||
cisco secure email and web manager 15.0.0-256 |
||
cisco secure email gateway 15.0.0-256 |
||
cisco web security appliance 15.0.0-256 |
||
cisco secure email and web manager 14.0.1-033 |
||
cisco secure email gateway 14.0.1-033 |
||
cisco web security appliance 14.0.1-033 |
||
cisco secure email and web manager 14.0.0-418 |
||
cisco secure email gateway 14.0.0-418 |
||
cisco web security appliance 14.0.0-418 |
||
cisco secure email and web manager 15.0.0-050 |
||
cisco secure email gateway 15.0.0-050 |
||
cisco web security appliance 15.0.0-050 |