CVE-2024-20256
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
15/05/2024
Last modified:
07/08/2025
Description
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.<br />
<br />
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Impact
Base Score 3.x
4.80
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:asyncos:11.7.0-406:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:11.7.0-418:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:11.7.1-006:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:11.7.1-020:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:11.7.1-049:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:11.7.2-011:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:11.8.0-414:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:11.8.1-023:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:11.8.3-018:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:11.8.3-021:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:12.0.1-268:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:12.0.3-007:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:12.5.1-011:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:12.5.2-007:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:asyncos:12.5.4-005:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page