A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.r This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
2024-05-15T18:15:08.967
2025-08-06T16:56:50.350
Analyzed
CVSSv3.1: 4.8 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | cisco | asyncos | 11.0.3-238 | Yes |
| Operating System | cisco | asyncos | 11.1.0-069 | Yes |
| Operating System | cisco | asyncos | 11.1.0-128 | Yes |
| Operating System | cisco | asyncos | 11.1.0-131 | Yes |
| Operating System | cisco | asyncos | 12.0.0-419 | Yes |
| Operating System | cisco | asyncos | 12.1.0-071 | Yes |
| Operating System | cisco | asyncos | 12.1.0-087 | Yes |
| Operating System | cisco | asyncos | 12.1.0-089 | Yes |
| Operating System | cisco | asyncos | 12.5.0-066 | Yes |
| Operating System | cisco | asyncos | 12.5.3-041 | Yes |
| Operating System | cisco | asyncos | 12.5.4-041 | Yes |
| Operating System | cisco | asyncos | 13.0.0-392 | Yes |
| Operating System | cisco | asyncos | 13.0.5-007 | Yes |
| Operating System | cisco | asyncos | 13.5.1-277 | Yes |
| Operating System | cisco | asyncos | 13.5.4-038 | Yes |
| Operating System | cisco | asyncos | 14.0.0-698 | Yes |
| Operating System | cisco | asyncos | 14.2.0-620 | Yes |
| Operating System | cisco | asyncos | 14.2.1-020 | Yes |
| Operating System | cisco | asyncos | 14.3.0-032 | Yes |
| Operating System | cisco | asyncos | 15.0.0-104 | Yes |
| Operating System | cisco | asyncos | 15.0.1-030 | Yes |
| Operating System | cisco | asyncos | 15.5.0-048 | Yes |
| Application | cisco | secure_email_gateway_virtual_appliance_c100v | - | No |
| Application | cisco | secure_email_gateway_virtual_appliance_c300v | - | No |
| Application | cisco | secure_email_gateway_virtual_appliance_c600v | - | No |
| Hardware | cisco | secure_email_gateway_c195 | - | No |
| Hardware | cisco | secure_email_gateway_c395 | - | No |
| Hardware | cisco | secure_email_gateway_c695 | - | No |