A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
2024-05-15T18:15:09.910
2025-08-08T13:15:28.507
Modified
CVSSv3.1: 4.8 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | cisco | asyncos | < 15.5.1-024 | Yes |
| Application | cisco | secure_email_and_web_manager_virtual_appliance_m100v | - | No |
| Application | cisco | secure_email_and_web_manager_virtual_appliance_m300v | - | No |
| Application | cisco | secure_email_and_web_manager_virtual_appliance_m600v | - | No |
| Hardware | cisco | secure_email_and_web_manager_m170 | - | No |
| Hardware | cisco | secure_email_and_web_manager_m190 | - | No |
| Hardware | cisco | secure_email_and_web_manager_m195 | - | No |
| Hardware | cisco | secure_email_and_web_manager_m380 | - | No |
| Hardware | cisco | secure_email_and_web_manager_m390 | - | No |
| Hardware | cisco | secure_email_and_web_manager_m390x | - | No |
| Hardware | cisco | secure_email_and_web_manager_m395 | - | No |
| Hardware | cisco | secure_email_and_web_manager_m680 | - | No |
| Hardware | cisco | secure_email_and_web_manager_m690 | - | No |
| Hardware | cisco | secure_email_and_web_manager_m690x | - | No |
| Hardware | cisco | secure_email_and_web_manager_m695 | - | No |