Cross-Site Scripting Vulnerability in Cisco IronPort AsyncOS
CVE-2009-1162

Currently unrated

Key Information:

Vendor: Cisco
Status: Ironport Asyncos; Ironport Email Security Appliances
Vendor: CVE Published:; 5 June 2009

Summary

This vulnerability allows remote attackers to exploit the Spam Quarantine login page of Cisco IronPort AsyncOS, potentially injecting arbitrary web scripts or HTML via the referrer parameter. This could lead to unauthorized actions or the manipulation of user data, posing a significant risk to affected users.

References

http://secunia.com/advisories/34895

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/35203

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/50948

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jun 5, 2009
Vulnerability Reserved
Mar 26, 2009