Skip to main content

Content Security Management Appliance CVE-2017-6661

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2017-06-13 psirt@cisco.com
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 13, 2017 - 06:29 cve.org
MEDIUM 6.1

DescriptionCVE.org

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049.

AnalysisAI

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049. Affected products include: Cisco Content Security Management Appliance, Cisco Email Security Appliance.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2014-2119 HIGH
8.5 Mar 21

The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7

CVE-2014-3289 MEDIUM POC
4.3 Jun 10

Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Applianc

CVE-2015-0624 MEDIUM POC
4.3 Feb 21

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and W

CVE-2015-6321 HIGH
7.8 Nov 06

Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Em

CVE-2013-5537 HIGH
7.8 Oct 24

The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management

CVE-2013-3395 MEDIUM
6.8 Jul 02

Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devi

CVE-2021-1447 MEDIUM
6.7 May 06

A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (

CVE-2021-1516 MEDIUM
6.5 May 06

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Ap

CVE-2020-3447 MEDIUM
6.5 Aug 17

A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content

CVE-2018-0140 MEDIUM
6.5 Feb 08

A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance

CVE-2020-3178 MEDIUM
6.1 May 06

Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance

CVE-2018-15393 MEDIUM
6.1 Nov 08

A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software coul

Share

CVE-2017-6661 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy