The vulnerability in the web interface of the Cisco AsyncOS operating system allows for XSS attacks against Cisco Secure Email and Web Manager, as well as Secure Web Appliance. This vulnerability enables attackers to carry out XSS attacks.

The vulnerability in the Cisco AsyncOS operating system web interface for Cisco Secure Email and Web Manager, as well as Secure Web Appliance, exists due to the lack of protective measures taken against the structure of the web pages. Exploiting this vulnerability allows a malicious actor to carr...

The vulnerability in the implementation of the application software interface of the Cisco AsyncOS operating system of the Cisco Secure Email Gateway (formerly known as Cisco Email Security Appliance) allows a attacker to carry out XSS attacks.

The vulnerability of the application programming interface of the Cisco AsyncOS operating system in the Cisco Secure Email Gateway formerly Cisco Email Security Appliance security system is related to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a...

The vulnerability in the web interface of the Cisco AsyncOS operating system allows for XSS attacks by attackers, enabling them to carry out cross-site scripting attacks.

The vulnerability in the Cisco AsyncOS operating system’s web interface exists due to the lack of security measures taken to protect the structure of the web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

Cisco Secure Web Appliance XSS (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker...

CVE-2024-20392

A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to insufficient input validation of some parameters that are passed to t...

CVE-2024-20392

A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to insufficient input validation of some parameters that are passed to t...

CVE-2024-20258

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient...

CVE-2024-20383

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...

CVE-2024-20258

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient...

CVE-2024-20256

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient...

CVE-2024-20257

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.r This vulnerability is due to insufficient validation of user input. An attacker...

CVE-2024-20256

The CVE-2024-20256 entry concerns Cisco AsyncOS Web UI vulnerabilities in Cisco Secure Email and Web Manager and Secure Web Appliance. The issue stems from insufficient input validation in the web-based management interface, allowing an authenticated, remote attacker to lure a user into clicking ...

CVE-2024-20256

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient...

CVE-2024-20258

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient...

CVE-2024-20258

Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway has a web-based management interface vulnerability that enables cross-site scripting (XSS) due to insufficient input validation. An unauthenticated, remote attacker could lure a user to click a crafted link, al...

Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Secure Email Gateway, formerly Email Security Appliance ESA; and Secure Web Appliance could allow a remote attacker to conduct a cross-site scripting XSS attack against...

PT-2024-4562 · Cisco · Cisco Asyncos

Name of the Vulnerable Software and Affected Versions: Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway affected versions not specified Description: A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to condu...

Cisco AsyncOS 安全漏洞

Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. A security vulnerability exists in Cisco AsyncOS Software for Cisco Secure Email Gateway, which arises from insufficient validation of user input, allowing an authenticated, remote attacker to conduct a cross-site scripting...

Cisco AsyncOS 安全漏洞

Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. A security vulnerability exists in Cisco AsyncOS that stems from insufficient input validation of certain parameters passed to the Web-based management API of an affected system, allowing an unauthenticated, remote attacker to...

Cisco AsyncOS 安全漏洞

Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. A security vulnerability exists in Cisco AsyncOS Software for Cisco Secure Email, Web Manager, and Secure Email Gateway, which arises from insufficient validation of user input, allowing an authenticated, remote attacker to...