Description
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Problem types
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Product status
14.0.0-698
14.2.0-620
14.2.1-020
14.3.0-032
15.0.0-104
15.0.1-030
15.5.0-048
15.5.1-055
14.0.0-404
14.1.0-223
14.1.0-227
14.2.0-212
14.2.0-224
14.2.1-020
14.3.0-120
15.0.0-334
15.5.1-024
15.5.1-029
14.1.0-032
14.1.0-047
14.1.0-041
14.0.2-012
14.5.0-498
14.0.3-014
14.0.4-005
14.5.1-008
14.5.1-016
15.0.0-355
15.0.0-322
15.1.0-287
14.5.2-011
15.2.0-116
14.0.5-007
15.2.0-164
14.5.1-510
14.5.1-607
14.5.3-033
References
sec.cloudapps.cisco.com/...cisco-sa-esa-wsa-sma-xss-zYm3f49n (cisco-sa-esa-wsa-sma-xss-zYm3f49n)