Cisco Content Security Management Appliance XSS and CSRF Vulnerabilities
This host is running Cisco Content Security Management Appliance and is prone to cross-site scripting and cross-site request forgery vulnerabilities.
Multiple flaws are due to:
- The lack of output escaping in the default error 500 page. When an exception occurs in the application, the error description contains unvalidated user input from the request.
- The lack of input validation on the job_name, job_type, appliances_options and config_master parameters, which are then printed unescaped in the job_name, old_job_name, job_type, appliance_lists and config_master fields.
- The CSRFKey is not used in some areas of the application.
Cisco Content Security Management Appliance (SMA) 8.1 and prior
Checks if a vulnerable version is present on the target host.
Upgrade to the latest version of Cisco CSMA or apply the patch.