Vulnslist

Cisco product, release, and evidence lookup

CVE-2015-0577

Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCus22925 and CSCup08113.

Data: Cisco advisories · Cisco CSAF · NVD CVEs · NVD CPEs · CISA KEV · EPSS

SeverityMEDIUM
CVSS4.3
EPSS-
CWECWE-79
KEV
Published
Modified

Products with public affected evidence

Product Advisory Affected evidence
Cisco Secure Email Cisco-SA-20150114-CVE-2015-0577 structured affected CSAF product_status
Cisco Secure Email and Web Manager Cisco-SA-20150114-CVE-2015-0577 structured affected CSAF product_status