XSS in Cisco Content_security_management_virtual_appliance
CVE-2015-0732
Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-0…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (53.3th percentile) — read the EPSS interpretation.
Affected products
- Cisco Content_security_management_virtual_appliance — versions 9.1.0-033
- Cisco Email_security_appliance_firmware — versions 8.5.6-113, 9.1.0-032, 9.1.1-000
- Cisco Web_security_appliance — versions 9.0.0-193
- N/a — versions n/a
Weakness classification (CWE)
References
- 1033086 (vdb-entry, x_refsource_SECTRACK)
- 20150727 Cisco Email Security Appliance AsyncOS Cross-Site Scripting Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 1033087 (vdb-entry, x_refsource_SECTRACK)