Vulnerability Details : CVE-2015-0577
Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCus22925 and CSCup08113.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2015-0577
- cpe:2.3:o:cisco:asyncos:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0577
- 0.33%: probability of exploitation activity in the next 30 days
- ~ 53%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0577
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2015-0577
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0577
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100556
  Multiple Cisco Products IronPort Spam Quarantine cross-site scripting CVE-2015-0577 Vulnerability Report
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0577
  Cisco AsyncOS ISQ XSS Vulnerability (Vendor Advisory)
- http://www.securityfocus.com/bid/72056
  Multiple Cisco Products CVE-2015-0577 Multiple Cross Site Scripting Vulnerabilities
- http://secunia.com/advisories/62289
- http://www.securitytracker.com/id/1031544
  Cisco Email Security Appliance Input Validation Flaw in Spam Quarantine Page Permits Cross-Site Scripting Attacks - SecurityTracker