CVE-2023-20119

{"id": "CVE-2023-20119", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2023-06-28T15:15:09.700", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."}], "lastModified": "2024-01-25T17:15:31.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.0-418:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91A23056-1521-4982-8F4D-BCDB6F9E98EE"}, {"criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-033:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9897B99-0295-4D4D-8EE7-88FB5BC97123"}, {"criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-053:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "286B37A2-A7B1-44D9-A2BD-56F9C26195A7"}, {"criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-050:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3774F588-98E5-4197-B858-FF83B5838265"}, {"criteria": "cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-256:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99A048C2-7352-4ED5-990F-95467AAB022C"}, {"criteria": "cpe:2.3:a:cisco:secure_email_gateway:14.0.0-418:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02212FE3-CEE6-4609-B9AE-CD228F4ADFFC"}, {"criteria": "cpe:2.3:a:cisco:secure_email_gateway:14.0.1-033:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0DB52EF-1542-4665-AC44-F1E3B074B615"}, {"criteria": "cpe:2.3:a:cisco:secure_email_gateway:14.0.1-053:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "615DD221-9200-41D1-9DAF-CC8BEB67342C"}, {"criteria": "cpe:2.3:a:cisco:secure_email_gateway:15.0.0-050:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AEA665F-86B3-4AA6-9E99-6F935264222A"}, {"criteria": "cpe:2.3:a:cisco:secure_email_gateway:15.0.0-256:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "988AAD9A-B4FD-42C5-B222-53A4E69CE87E"}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:14.0.0-418:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A694B4F-D454-405B-B620-A899543DA2E8"}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:14.0.1-033:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB812B1F-3E7E-4AD6-9AA3-241B957A0047"}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:14.0.1-053:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDE6AB7B-561D-4D50-907B-605CD0649A98"}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:15.0.0-050:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B71B523B-95F6-463F-B96B-9C301B6FFA9B"}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:15.0.0-256:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DFDA027-9BED-4DB5-804D-A192FF8138CF"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}