CVE-2016-1423

Name of the Vulnerable Software and Affected Versions Cisco Email Security Appliance (ESA) versions 8.0.2-069

Description A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack.

Recommendations For Cisco Email Security Appliance (ESA) version 8.0.2-069, update to version 9.1.1-038 or 9.7.2-047 to resolve the issue. As a temporary workaround, consider restricting access to the MIQ view until the update is applied.