Vulnerability Details CVE-2009-1162
Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.6%
CVSS Severity
CVSS v2 Score 4.3
References
- http://osvdb.org/54884
- http://secunia.com/advisories/34895
- http://tools.cisco.com/security/center/viewAlert.x?alertId=18365
- http://www.securityfocus.com/bid/35203
- http://www.securitytracker.com/id?1022335
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50948
- http://osvdb.org/54884
- http://secunia.com/advisories/34895
- http://tools.cisco.com/security/center/viewAlert.x?alertId=18365
- http://www.securityfocus.com/bid/35203
- http://www.securitytracker.com/id?1022335
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50948
Products affected by CVE-2009-1162
-
cpe:2.3:h:cisco:ironport_email_security_appliances:*
-
cpe:2.3:o:cisco:ironport_asyncos:6.0.0-754
-
cpe:2.3:o:cisco:ironport_asyncos:6.0.0-757
-
cpe:2.3:o:cisco:ironport_asyncos:6.1.0-301
-
cpe:2.3:o:cisco:ironport_asyncos:6.1.0-304
-
cpe:2.3:o:cisco:ironport_asyncos:6.1.0-306
-
cpe:2.3:o:cisco:ironport_asyncos:6.1.0-307
-
cpe:2.3:o:cisco:ironport_asyncos:6.1.5-110
-
cpe:2.3:o:cisco:ironport_asyncos:6.1.6-003
-
cpe:2.3:o:cisco:ironport_asyncos:6.3.5-003
-
cpe:2.3:o:cisco:ironport_asyncos:6.3.6-003
-
cpe:2.3:o:cisco:ironport_asyncos:6.5.0-405
-
cpe:2.3:o:cisco:ironport_asyncos:6.5.1-005
-
cpe:2.3:o:cisco:ironport_asyncos:6.6.4.0-273