| Vulnerability Name: | CVE-2015-0577 (CCN-100556) | ||||||||
| Assigned: | 2015-01-14 | ||||||||
| Published: | 2015-01-14 | ||||||||
| Updated: | 2017-09-08 | ||||||||
| Summary: | Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCus22925 and CSCup08113. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-0577 Source: SECUNIA Type: UNKNOWN 62289 Source: CCN Type: Cisco Security Notice Cisco AsyncOS ISQ XSS Vulnerability Source: CISCO Type: Vendor Advisory 20150113 Cisco AsyncOS ISQ XSS Vulnerability Source: BID Type: UNKNOWN 72056 Source: CCN Type: BID-72056 Multiple Cisco Products CVE-2015-0577 Multiple Cross Site Scripting Vulnerabilities Source: SECTRACK Type: UNKNOWN 1031544 Source: XF Type: UNKNOWN cisco-asyncos-cve20150577-xss(100556) Source: XF Type: UNKNOWN cisco-asyncos-cve20150577-xss(100556) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||