
167 matches found

RedhatCVE
added 2025/02/05 9:12 p.m. | 8 views

CVE-2022-20960

A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an...

CVSS 7.5 | AI score 7.1 | EPSS 0.01121
Exploits: 0 | References: 1

Tenable Nessus
added 2024/11/08 12:0 a.m. | 3 views

Secure Email Gateway XSS (cisco-sa-esa-wsa-sma-xss-zYm3f49n)

According to its self-reported version, Secure Email Gateway is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remot...

CVSS 5.4 | AI score 5.7 | EPSS 0.00192
Exploits: 0 | References: 3

Tenable Nessus
added 2024/11/08 12:0 a.m. | 4 views

Secure Web Appliance XSS (cisco-sa-esa-wsa-sma-xss-zYm3f49n)

According to its self-reported version, Secure Web Appliance is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remot...

CVSS 5.4 | AI score 5.7 | EPSS 0.00192
Exploits: 0 | References: 3

Tenable Nessus
added 2024/05/24 12:0 a.m. | 12 views

Cisco Secure Web Appliance XSS (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker...

CVSS 4.8 | AI score 6.1 | EPSS 0.00125
Exploits: 0 | References: 4

NVD
added 2024/05/15 6:15 p.m. | 6 views

CVE-2024-20392

A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to insufficient input validation of some parameters that are passed to t...

CVSS 6.1 | AI score 6.1 | EPSS 0.00308
Exploits: 0 | References: 1

CVE
added 2024/05/15 5:56 p.m. | 68 views

CVE-2024-20256

The CVE-2024-20256 entry concerns Cisco AsyncOS Web UI vulnerabilities in Cisco Secure Email and Web Manager and Secure Web Appliance. The issue stems from insufficient input validation in the web-based management interface, allowing an authenticated, remote attacker to lure a user into clicking ...

CVSS 4.8 | AI score 6.6 | EPSS 0.00125
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/05/15 5:56 p.m. | 18 views

CVE-2024-20256

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient...

CVSS 4.8 | AI score 5.6 | EPSS 0.00125
Exploits: 0 | References: 1

Vulnrichment
added 2024/05/15 5:32 p.m. | 15 views

CVE-2024-20258

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient...

CVSS 6.1 | AI score 6.7 | EPSS 0.00176
Exploits: 0 | References: 1

CVE
added 2024/05/15 5:32 p.m. | 60 views

CVE-2024-20258

Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway has a web-based management interface vulnerability that enables cross-site scripting (XSS) due to insufficient input validation. An unauthenticated, remote attacker could lure a user to click a crafted link, al...

CVSS 6.1 | AI score 6.7 | EPSS 0.00176
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2023/09/22 12:0 a.m. | 23 views

Cisco Secure Web Appliance Content Encoding Filter Bypass (cisco-sa-wsa-bypass-vXvqwzsj)

According to its self-reported version, the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper...

CVSS 5.8 | AI score 5.9 | EPSS 0.00097
Exploits: 0 | References: 5

Cvelist
added 2023/08/03 9:16 p.m. | 17 views

CVE-2023-20215

A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious...

CVSS 5.8 | AI score 6 | EPSS 0.00097
Exploits: 0 | References: 1

CVE
added 2023/08/03 9:16 p.m. | 71 views

CVE-2023-20215

CVE-2023-20215 affects Cisco AsyncOS for Cisco Secure Web Appliance. The vulnerability lies in the scanning engines’ handling of certain content-encodings (deflate, and by default lzma/brotli in some cases), enabling an unauthenticated, remote attacker to bypass an explicit block rule and cause t...

CVSS 5.8 | AI score 5.4 | EPSS 0.00097
Exploits: 0 | References: 1 | Affected Software: 1

Cisco
added 2023/08/02 4:0 p.m. | 36 views

Cisco Secure Web Appliance Content Encoding Filter Bypass Vulnerability

A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious...

CVSS 5.8 | AI score 5.6 | EPSS 0.00097
Exploits: 0 | References: 1

Prion
added 2023/06/28 3:15 p.m. | 21 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA), could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the...

CVSS 5.8 | AI score 6 | EPSS 0.00113
Exploits: 0 | References: 1 | Affected Software: 3

Vulnrichment
added 2023/06/28 12:0 a.m. | 10 views

CVE-2023-20120 Cisco Secure Email Gateway, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote...

CVSS 5.4 | AI score 6.1 | EPSS 0.00151
Exploits: 0 | References: 1

Cvelist
added 2023/06/28 12:0 a.m. | 18 views

CVE-2023-20120 Cisco Secure Email Gateway, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote...

CVSS 5.4 | AI score 6.2 | EPSS 0.00151
Exploits: 0 | References: 1

CNNVD
added 2023/06/28 12:0 a.m. | 3 views

Multiple Cisco Products Cross-Site Scripting Vulnerability

The Cisco Email Security Appliance (ESA) is an email security appliance from Cisco in the U.S. AsyncOS Software is the operating system that runs on it. A security vulnerability exists in Cisco AsyncOS Software that stems from a stored cross-site scripting (XSS) vulnerability. Affected products: Cisc...

CVSS 5.4 | AI score 5.4 | EPSS 0.00151
Exploits: 0 | References: 2

CNNVD
added 2023/06/28 12:0 a.m. | 4 views

Multiple Cisco Products Cross-Site Scripting Vulnerability

The Cisco Email Security Appliance (ESA) is an email security appliance from Cisco in the U.S. AsyncOS Software is the operating system that runs on it. A security vulnerability exists in Cisco AsyncOS Software that stems from a stored cross-site scripting (XSS) vulnerability. Affected products: Cisc...

CVSS 6.1 | AI score 5.9 | EPSS 0.00151
Exploits: 0 | References: 2

CVE
added 2023/06/28 12:0 a.m. | 63 views

CVE-2023-20028

Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway (ESA) and Cisco Secure Web Appliance (WSA) web-based management interfaces are affected by cross-site scripting vulnerabilities due to insufficient input validation. The issues enable remote attackers to del...

CVSS 5.4 | AI score 5.5 | EPSS 0.00151
Exploits: 0 | References: 1 | Affected Software: 3

CVE
added 2023/06/28 12:0 a.m. | 107 views

CVE-2023-20120

Cisco CVE-2023-20120 covers multiple XSS vulnerabilities in the web-based management interfaces of Cisco AsyncOS Software used by Cisco Secure Email and Web Manager, Cisco Secure Email Gateway (ESA), and Cisco Secure Web Appliance (WSA). The issues arise from insufficient input validation in the ...

CVSS 6.1 | AI score 5.8 | EPSS 0.00151
Exploits: 0 | References: 1 | Affected Software: 3