VAR-201706-0580
Vulnerability from variot - Updated: 2025-04-20 23:27

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049. The vendor has confirmed this vulnerability and released it as Bug IDs CSCvd30805 and CSCvd34861. A remote attacker could conduct a cross-site scripting attack. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCvd30805 and CSCvd34861. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. Per the CVSS v3 vector recorded below (UI:R), exploitation requires interaction by the targeted user; remediation details are in Cisco advisory cisco-sa-20170607-esa, listed under "patch" in the record.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0580",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "content security management appliance",
"scope": "eq",
"trust": 2.7,
"vendor": "cisco",
"version": "10.1.0-049"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 2.4,
"vendor": "cisco",
"version": "10.0.0-203"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "10.0.0-203"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.1.0-049"
},
{
"model": "e email security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.0.0-203"
},
{
"model": "e email security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.1.0-049"
}
],
"sources": [
{
"db": "BID",
"id": "98950"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004887"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-363"
},
{
"db": "NVD",
"id": "CVE-2017-6661"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:content_security_management_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004887"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "98950"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-363"
}
],
"trust": 0.9
},
"cve": "CVE-2017-6661",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-6661",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-114864",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2017-6661",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6661",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-6661",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-363",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-114864",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114864"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004887"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-363"
},
{
"db": "NVD",
"id": "CVE-2017-6661"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049. Vendors have confirmed this vulnerability Bug ID CSCvd30805 and CSCvd34861 It is released as.A remote attacker could conduct a cross-site scripting attack. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nThis issues are being tracked by Cisco Bug ID\u0027s CSCvd30805 and CSCvd34861. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6661"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004887"
},
{
"db": "BID",
"id": "98950"
},
{
"db": "VULHUB",
"id": "VHN-114864"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6661",
"trust": 2.8
},
{
"db": "BID",
"id": "98950",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1038638",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1038637",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004887",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-363",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "36818",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114864",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114864"
},
{
"db": "BID",
"id": "98950"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004887"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-363"
},
{
"db": "NVD",
"id": "CVE-2017-6661"
}
]
},
"id": "VAR-201706-0580",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-114864"
}
],
"trust": 0.53892258
},
"last_update_date": "2025-04-20T23:27:23.649000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170607-esa",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004887"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114864"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004887"
},
{
"db": "NVD",
"id": "CVE-2017-6661"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-esa"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/98950"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1038637"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1038638"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6661"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6661"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/36818"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114864"
},
{
"db": "BID",
"id": "98950"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004887"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-363"
},
{
"db": "NVD",
"id": "CVE-2017-6661"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-114864"
},
{
"db": "BID",
"id": "98950"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004887"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-363"
},
{
"db": "NVD",
"id": "CVE-2017-6661"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-13T00:00:00",
"db": "VULHUB",
"id": "VHN-114864"
},
{
"date": "2017-06-07T00:00:00",
"db": "BID",
"id": "98950"
},
{
"date": "2017-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004887"
},
{
"date": "2017-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-363"
},
{
"date": "2017-06-13T06:29:00.940000",
"db": "NVD",
"id": "CVE-2017-6661"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-08T00:00:00",
"db": "VULHUB",
"id": "VHN-114864"
},
{
"date": "2017-06-07T00:00:00",
"db": "BID",
"id": "98950"
},
{
"date": "2017-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004887"
},
{
"date": "2017-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-363"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6661"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-363"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ESA and SMA of Web -Based scripting interface cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004887"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-363"
}
],
"trust": 0.6
}
}