Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.


Cisco Content Security Management Appliance XSS and CSRF Vulnerabilities

Information

Severity: Medium
Family: CISCO
CVSSv2 Base: 6.8
CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Solution Type: Vendor Patch
Created: 8 years ago
Modified: 3 years ago

Summary

This host is running Cisco Content Security Management Appliance and is prone to cross-site scripting and cross-site request forgery vulnerabilities.

Insight

Multiple flaws are due to:

- The lack of output escaping in the default error 500 page. When an exception occurs in the application, the error description contains unvalidated user input taken from the request.
- The lack of input validation on the job_name, job_type, appliances_options and config_master parameters, which are then printed unescaped in the job_name, old_job_name, job_type, appliance_lists and config_master fields.
- The CSRFKey is not used in some areas of the application.
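As an added illustration, not Cisco's code and not part of this advisory, the following Python handler shows the three defects above closed: the CSRFKey is checked on every state-changing request, job_type is allowlist-validated, and both the form fields and the error 500 page escape anything that came from the request. The allowed job types, the session-key handling and the page layout are hypothetical.

```python
import hmac
import html
from typing import Mapping

# Constructed for this example: the parameters the advisory lists as reflected
# unescaped, and a hypothetical allowlist of job types.
JOB_FIELDS = ("job_name", "job_type", "appliances_options", "config_master")
ALLOWED_JOB_TYPES = {"backup", "restore", "sync"}


class CsrfError(Exception):
    pass


def require_csrf_key(params: Mapping[str, str], session_key: str) -> None:
    # Defect 3 closed: a state-changing request must carry the session's CSRFKey.
    submitted = params.get("CSRFKey", "")
    if not submitted or not hmac.compare_digest(submitted, session_key):
        raise CsrfError("missing or invalid CSRFKey")


def validate_job(params: Mapping[str, str]) -> None:
    # Defect 2 closed (input side): reject job_type values outside the allowlist.
    job_type = params.get("job_type", "")
    if job_type not in ALLOWED_JOB_TYPES:
        # The message echoes the rejected value, exactly the situation the
        # advisory describes; render_error_500 must therefore escape it.
        raise ValueError(f"unknown job_type: {job_type}")


def render_job_form(params: Mapping[str, str]) -> str:
    # Defect 2 closed (output side): every reflected field is HTML-escaped,
    # quotes included, because the values land inside attribute strings.
    inputs = [
        f'<input name="{f}" value="{html.escape(params.get(f, ""), quote=True)}">'
        for f in JOB_FIELDS
    ]
    return "<form>" + "".join(inputs) + "</form>"


def render_error_500(exc: Exception) -> str:
    # Defect 1 closed: the error description may contain request data, so escape it.
    return "<h1>Internal Server Error</h1><pre>" + html.escape(str(exc)) + "</pre>"


def handle_job_update(params: Mapping[str, str], session_key: str) -> str:
    # Request handler: CSRF check, validation, and escaped output on every path.
    try:
        require_csrf_key(params, session_key)
        validate_job(params)
        return render_job_form(params)
    except (CsrfError, ValueError) as exc:
        return render_error_500(exc)
```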

Affected Software

Cisco Content Security Management Appliance (SMA) 8.1 and prior

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Upgrade to the latest version of Cisco Content Security Management Appliance or apply the vendor patch.

Common Vulnerabilities and Exposures (CVE)