Описание
Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410.
Комментарий
Additional information can be found at: http://www.secureworks.com/research/advisories/SWRX-2012-001/
Уязвимые конфигурации
Конфигурация 1Версия до 6.5.2.2 (включая)
Одно из
cpe:2.3:h:cisco:ironport_encryption_appliance:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:4.2.1-22.2.i386:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:4.2.1-22.i386:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:5.2:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.4:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.4.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.5:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.6:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.2:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.3:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.4:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.5:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.6:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.7:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.9:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3.0.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3.0.2:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3.0.3:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.3.0.4:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.5:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.5.0.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.5.0.3:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.5.2:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ironport_encryption_appliance:6.5.2.1:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00141
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410.
EPSS
Процентиль: 34%
0.00141
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79