CVE-2023-20119

MEDIUM 6.1

CVSS Score

6.1

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

CWE	CWE-79
Vendor	cisco
Product	cisco secure email and web manager
Ecosystems	Networking
Industries	NetworkingTelecommunications
Published	Jun 28, 2023
Last Updated	Nov 21, 2024

Stay Ahead of the Next One

Get instant alerts for cisco cisco secure email and web manager

Be the first to know when new medium vulnerabilities affecting cisco cisco secure email and web manager are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

Cisco / Cisco Secure Email and Web Manager

11.0.0-115 11.0.1-161 11.5.1-105 12.0.0-452 12.0.1-011 12.5.0-636 12.5.0-658 12.5.0-678 12.5.0-670 13.0.0-277 13.6.2-078 13.8.1-068 13.8.1-074 13.8.1-108 12.8.1-002 12.8.1-021 14.0.0-404 14.1.0-223 14.1.0-227 14.2.0-212 14.2.0-224 14.2.1-020 14.3.0-120

References

NVD ↗ CVE.org ↗ EPSS Data ↗

sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq