2 matches found
CVE-2014-3289
CVE-2014-3289 is a reflected XSS vulnerability in Cisco AsyncOS used by ESA, WSA, and SMA. The issue stems from insufficient input validation of the date_range parameter on the web management interface (notably monitor/reports/overview). A remote attacker can inject arbitrary script by tricking a...
Cisco AsyncOS contains a reflected cross-site scripting (XSS) vulnerability
Overview Cisco AsyncOS contains a reflected cross-site scripting XSS vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2014-3289 Cisco AsyncOS, the underlying OS for the Cisco Email Security Appliance, Web Security Applianc...