Vulnerability Details CVE-2023-20119
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA), could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.9%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2023-20119
- cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.0-418
- cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-033
- cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-053
- cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-050
- cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-256
- cpe:2.3:a:cisco:secure_email_gateway:14.0.0-418
- cpe:2.3:a:cisco:secure_email_gateway:14.0.1-033
- cpe:2.3:a:cisco:secure_email_gateway:14.0.1-053
- cpe:2.3:a:cisco:secure_email_gateway:15.0.0-050
- cpe:2.3:a:cisco:secure_email_gateway:15.0.0-256
- cpe:2.3:a:cisco:web_security_appliance:14.0.0-418
- cpe:2.3:a:cisco:web_security_appliance:14.0.1-033
- cpe:2.3:a:cisco:web_security_appliance:14.0.1-053
- cpe:2.3:a:cisco:web_security_appliance:15.0.0-050
- cpe:2.3:a:cisco:web_security_appliance:15.0.0-256