CVE-2015-0577

Currently unrated

Key Information:

Vendor: Cisco
Status: Asyncos
Vendor: CVE Published:; 14 January 2015

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCus22925 and CSCup08113.

References

http://secunia.com/advisories/62289

third-party-advisoryx_refsource_SECUNIA

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

https://exchange.xforce.ibmcloud.com/vulnerabilities/100556

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jan 14, 2015
Vulnerability Reserved
Jan 7, 2015