CVE-2016-1423

MEDIUM

Cisco AsyncOS - XSS

Title source: llm

Description

A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047.

References (3)

Scores

CVSS v3 6.1
EPSS 0.0054
EPSS Percentile 67.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status published

Affected Products (12)

cisco/email_security_appliance
cisco/email_security_appliance
cisco/email_security_appliance
cisco/email_security_appliance
cisco/email_security_appliance
cisco/email_security_appliance
cisco/email_security_appliance
cisco/email_security_appliance
cisco/email_security_appliance
cisco/email_security_appliance
cisco/email_security_appliance
n/a/Cisco AsyncOS 8.0.2-069 < Cisco AsyncOS 8.0.2-069

Timeline

Published Oct 28, 2016
Tracked Since Feb 18, 2026