Multiple XSS Vulnerabilities in Cisco Email Security Appliance and Content Security Management Appliance
CVE-2015-0577

Currently unrated

Key Information:

Vendor: Cisco
Status: Asyncos
Vendor: CVE Published:; 14 January 2015

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in the IronPort Spam Quarantine (ISQ) management page within Cisco AsyncOS. These vulnerabilities permit remote attackers to inject arbitrary web scripts or HTML by exploiting unspecified parameters. This could potentially allow for unauthorized actions or information disclosure on behalf of the user within the affected applications.

References

http://secunia.com/advisories/62289

third-party-advisoryx_refsource_SECUNIA

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

https://exchange.xforce.ibmcloud.com/vulnerabilities/100556

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jan 14, 2015
Vulnerability Reserved
Jan 7, 2015