Cross site scripting

2023-06-2815:15:00

PRIOn knowledge base

www.prio-n.com

cross site scripting

cisco

asyncos software

secure email

web manager

content security management appliance

sma

vulnerability

web-based management

unauthenticated

remote attacker

user input validation

crafted link

arbitrary script code

sensitive information

0.001 Low

EPSS

Percentile

28.3%

JSON

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

CPENameOperatorVersion
secure_email_and_web_managereq14.0.1-53
secure_email_and_web_managereq15.0.0-256
secure_email_and_web_managereq14.0.1-33
secure_email_and_web_managereq14.0.0-418
secure_email_and_web_managereq15.0.0-50
secure_email_gatewayeq14.0.1-53
secure_email_gatewayeq15.0.0-256
secure_email_gatewayeq14.0.1-33
secure_email_gatewayeq14.0.0-418
secure_email_gatewayeq15.0.0-50

Name	Operator	Version
secure_email_and_web_manager	eq	14.0.1-53
secure_email_and_web_manager	eq	15.0.0-256
secure_email_and_web_manager	eq	14.0.1-33
secure_email_and_web_manager	eq	14.0.0-418
secure_email_and_web_manager	eq	15.0.0-50
secure_email_gateway	eq	14.0.1-53
secure_email_gateway	eq	15.0.0-256
secure_email_gateway	eq	14.0.1-33
secure_email_gateway	eq	14.0.0-418
secure_email_gateway	eq	15.0.0-50