CVE-2016-1423

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
6.1MEDIUM
EPSS
0.5%
top 32.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Email Security Appliance
Timeline
PublishedOct 28
Latest updateMay 17

Description

A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDcisco/email_security_appliance11 versions+10
CVEListV5cisco_asyncos_8.0.2-069Cisco AsyncOS 8.0.2-069

🔴Vulnerability Details

2
GHSA
GHSA-9rr5-hm34-qcfm: A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) co2022-05-17
CVEList
CVE-2016-1423: A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) co2016-10-28

📋Vendor Advisories

1
Cisco
Cisco Email Security Appliance Quarantine Email Rendering Vulnerability2016-10-26
CVE-2016-1423 (MEDIUM CVSS 6.1) | A vulnerability in the display of e | cvebase.io