A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. Known Affected Releases: 9.1.1-036 9.7.1-066.
2016-12-14T00:59:23.020
2025-04-12T10:46:40.837
Deferred
CVSSv3.0: 6.1 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cisco | email_security_appliance | 9.1.1-036 | Yes |
| Application | cisco | email_security_appliance | 9.1.2-023 | Yes |
| Application | cisco | email_security_appliance | 9.1.2-028 | Yes |
| Application | cisco | email_security_appliance | 9.1.2-036 | Yes |
| Application | cisco | email_security_appliance | 9.4.0 | Yes |
| Application | cisco | email_security_appliance | 9.4.4-000 | Yes |
| Application | cisco | email_security_appliance | 9.5.0-000 | Yes |
| Application | cisco | email_security_appliance | 9.5.0-201 | Yes |
| Application | cisco | email_security_appliance | 9.6.0-000 | Yes |
| Application | cisco | email_security_appliance | 9.6.0-042 | Yes |
| Application | cisco | email_security_appliance | 9.6.0-051 | Yes |
| Application | cisco | email_security_appliance | 9.7.0-125 | Yes |
| Application | cisco | email_security_appliance | 9.7.1-066 | Yes |
| Application | cisco | email_security_appliance | 9.7.2-046 | Yes |
| Application | cisco | email_security_appliance | 9.7.2-047 | Yes |
| Application | cisco | email_security_appliance | 9.7.2-054 | Yes |