CVE-2015-0732
Published Jul 29, 2015
Last updated 6 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:web_security_appliance:9.0.0-193:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5AD5471D-6A95-4BF2-9ECB-3F7AE74BCE57"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:content_security_management_virtual_appliance:9.1.0-033:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A06244C-7388-4BD5-A78C-7C0A0F56976B"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:8.5.6-113:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ABF3EA81-9DFA-429B-B144-78D7E987596D"
},
{
"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:9.1.0-032:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DCC0AA0-9A19-42CC-AE0C-7AAF6BD3F0AF"
},
{
"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:9.1.1-000:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A1926009-91D3-4644-906C-7BDC54CD72A0"
},
{
"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:9.6.0-000:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25F8D05E-43E7-43EA-B5B4-92A0C076723E"
}
],
"operator": "OR"
}
]
}
]