CVE-2014-3289 in Email Securityinformazioni

Riassunto

di MITRE

Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

07/05/2014

Divulgazione

10/06/2014

Moderazione

accettato

Voce

VDB-13570

CPE

pronto

CWE

CWE-79 (confermato)

CVSS

4.3 (NVD)

EPSS

0.02426

KEV

Attività

molto basso

Settore

Police, Chemical, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-3289
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-3289
CVE Details	https://www.cvedetails.com/cve/CVE-2014-3289/

◂ Precedente Visione D'ensemble Il prossimo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!