CVE-2014-3289

Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888.

Severity	MEDIUM
CVSS	4.3
CWE	CWE-79
KEV
Published	11 years ago
Modified	1 week ago

Related Products

Product	Advisory
Cisco Web Security Appliance (WSA)	Cisco-SA-20140609-CVE-2014-3289
Cisco Secure Web Appliance	Cisco-SA-20140609-CVE-2014-3289
Cisco Secure Email and Web Manager	Cisco-SA-20140609-CVE-2014-3289
Cisco Secure Email	Cisco-SA-20140609-CVE-2014-3289
Cisco Email Security Appliance (ESA)	Cisco-SA-20140609-CVE-2014-3289
Cisco Content Security Management Appliance (SMA)	Cisco-SA-20140609-CVE-2014-3289