XSS in Cisco Content_security_management_appliance
CVE-2014-3289
Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.007 (71.5th percentile) — read the EPSS interpretation.
Affected products
- Cisco Content_security_management_appliance
- Cisco Email_security_appliance_firmware
- Cisco Ironport_asyncos — versions 8.0
- Cisco Web_security_appliance
- N/a — versions n/a
Weakness classification (CWE)
References
- 1030407 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- VU#613308 (x_refsource_CERT-VN, third-party-advisory)
- psirt@cisco.com (x_refsource_MISC)
- 20140609 Cisco AsyncOS Cross-Site Scripting Vulnerability CVE-2014-3289 (mailing-list, Exploit, x_refsource_FULLDISC, Third Party Advisory, VDB Entry)
- psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
- 58296 (Permissions Required, x_refsource_SECUNIA, third-party-advisory)
- 20140609 Cisco AsyncOS Cross-Site Scripting Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 67943 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)