What is CVE-2016-1423?

CVE-2016-1423 is a medium-severity vulnerability in Cisco Email_security_appliance, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2016-10-28.

How severe is CVE-2016-1423?

Medium severity. CVSS v3 base score is 6.1 out of 10.

XSS in Cisco Email_security_appliance

CVE-2016-1423

A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link i…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.005 (68.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Cisco Email_security_appliance — versions 8.9.0, 8.9.1-000, 8.9.2-032
N/a Cisco Asyncos 8.0.2-069 — versions Cisco AsyncOS 8.0.2-069

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
1037113 (vdb-entry, x_refsource_SECTRACK)
93912 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2016-1423?: CVE-2016-1423 is a medium-severity vulnerability in Cisco Email_security_appliance, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2016-10-28.
How severe is CVE-2016-1423?: Medium severity. CVSS v3 base score is 6.1 out of 10.