CVE-2015-0732

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 46.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Content Security Management Virtual Appliance Cisco Email Security Appliance Firmware Cisco WEB Security Appliance

Timeline

PublishedJul 29

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDcisco/content_security_management_virtual_appliance9.1.0-033

▶NVDcisco/email_security_appliance_firmware4 versions+3

▶NVDcisco/web_security_appliance9.0.0-193

🔴Vulnerability Details

GHSA

GHSA-gqjx-7255-cq83: Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9↗2022-05-14

▶

CVEList

CVE-2015-0732: Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9↗2015-07-29

▶

📋Vendor Advisories

Cisco

Cisco Email Security Appliance AsyncOS Cross-Site Scripting Vulnerability↗2015-07-27

▶