CVE-2015-0732

Name of the Vulnerable Software and Affected Versions Cisco AsyncOS on the Web Security Appliance (WSA) version 9.0.0-193 Cisco Email Security Appliance (ESA) versions 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000 Cisco Content Security Management Appliance (SMA) version 9.1.0-033

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. This could potentially lead to unauthorized actions on the affected system.

Recommendations For Cisco AsyncOS on the Web Security Appliance (WSA) version 9.0.0-193, update to a fixed version to resolve the issue. For Cisco Email Security Appliance (ESA) versions 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000, update to a fixed version to resolve the issue. For Cisco Content Security Management Appliance (SMA) version 9.1.0-033, update to a fixed version to resolve the issue. As a temporary workaround, consider restricting access to unspecified parameters to minimize the risk of exploitation.