CVE-2023-20028
Cisco Secure Email Gateway, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Cross-Site Scripting Vulnerabilities
CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
0th
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.
| CWE | CWE-79 |
| Vendor | cisco |
| Product | cisco web security appliance (wsa) |
| Ecosystems | |
| Industries | NetworkingTelecommunications |
| Published | Jun 28, 2023 |
| Last Updated | Oct 25, 2024 |
Stay Ahead of the Next One
Get instant alerts for cisco cisco web security appliance (wsa)
Be the first to know when new medium vulnerabilities affecting cisco cisco web security appliance (wsa) are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
Cisco / Cisco Web Security Appliance (WSA)
n/a