CVE-2015-0577

CVE Database · CVE-2015-0577

CVE-2015-0577

· N/AModified

CVSS v3.1

N/A

EPSS

1.16%

Published

Jan 14, 2015

Modified

May 6, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCus22925 and CSCup08113.

Weaknesses (CWE)

CWE-79

Affected Products (1)

cisco · asyncosvulnerable

References (10)

http://secunia.com/advisories/62289

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0577

Vendor Advisory

http://www.securityfocus.com/bid/72056

http://www.securitytracker.com/id/1031544

https://exchange.xforce.ibmcloud.com/vulnerabilities/100556