PT-2019-2130 · Cisco · Cisco Registered Envelope Service
Rahul Raj · Published 2019-04-17 · Updated 2023-03-01 · CVE-2019-1777
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Registered Envelope Service versions 5.3.4.x
Description
The web-based interface insufficiently validates user-supplied input, allowing an attacker to conduct a cross-site scripting (XSS) attack. By sending a specially crafted email, an attacker could execute arbitrary script code or access sensitive information.
Recommendations
For versions 5.3.4.x, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the web-based interface of the Cisco Registered Envelope Service to minimize the risk of exploitation. Avoid using the service to send or receive sensitive information until the issue is resolved.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Registered Envelope Service