Cross-Site Scripting Vulnerabilities in Cisco Email Security Appliance
CVE-2015-0734

Currently unrated

Key Information:

Vendor: Cisco
Status: Email Security Appliance Firmware
Vendor: CVE Published:; 15 May 2015

Summary

Multiple cross-site scripting vulnerabilities exist in the Cisco Email Security Appliance (ESA) 8.5.6-106, allowing remote attackers to inject arbitrary web scripts or HTML into the application. Exploitation can occur via unspecified parameters in GET or POST requests, posing a risk for users as it can lead to unauthorized access or manipulation of the application's content. These vulnerabilities require immediate attention to safeguard sensitive information and maintain the integrity of the Cisco Email Security Appliance.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1032333

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 15, 2015
Vulnerability Reserved
Jan 7, 2015