CVE-2015-0577: XSS
First published: Wed Jan 14 2015(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCus22925 and CSCup08113.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco AsyncOS Software |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0577?
CVE-2015-0577 is rated as a medium severity vulnerability.
How do I fix CVE-2015-0577?
To mitigate CVE-2015-0577, upgrade your Cisco AsyncOS to a version that includes patches for this vulnerability.
What systems are affected by CVE-2015-0577?
CVE-2015-0577 affects Cisco AsyncOS used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA).
What types of attacks can be carried out with CVE-2015-0577?
CVE-2015-0577 allows remote attackers to perform cross-site scripting (XSS) attacks.
Is CVE-2015-0577 publicly known?
Yes, CVE-2015-0577 is a publicly disclosed vulnerability.
- agent/tags
- agent/event
- agent/severity
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/author
- agent/references
- vendor/cisco
- canonical/cisco asyncos software