Vulnerability Details CVE-2023-20028
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.3%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2023-20028
-
cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.0-418
-
cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-033
-
cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-053
-
cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-050
-
cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-256
-
cpe:2.3:a:cisco:secure_email_gateway:14.0.0-418
-
cpe:2.3:a:cisco:secure_email_gateway:14.0.1-033
-
cpe:2.3:a:cisco:secure_email_gateway:14.0.1-053
-
cpe:2.3:a:cisco:secure_email_gateway:15.0.0-050
-
cpe:2.3:a:cisco:secure_email_gateway:15.0.0-256
-
cpe:2.3:a:cisco:web_security_appliance:14.0.0-418
-
cpe:2.3:a:cisco:web_security_appliance:14.0.1-033
-
cpe:2.3:a:cisco:web_security_appliance:14.0.1-053
-
cpe:2.3:a:cisco:web_security_appliance:15.0.0-050
-
cpe:2.3:a:cisco:web_security_appliance:15.0.0-256