{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-06-03T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "34895", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34895"}, {"name": "35203", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35203"}, {"name": "ironport-asyncos-referrer-xss(50948)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50948"}, {"name": "54884", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/54884"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18365"}, {"name": "1022335", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022335"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2009-1162", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "34895", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34895"}, {"name": "35203", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35203"}, {"name": "ironport-asyncos-referrer-xss(50948)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50948"}, {"name": "54884", "refsource": "OSVDB", "url": "http://osvdb.org/54884"}, {"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18365", "refsource": "CONFIRM", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18365"}, {"name": "1022335", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022335"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:04:49.064Z"}, "title": "CVE Program Container", "references": [{"name": "34895", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34895"}, {"name": "35203", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35203"}, {"name": "ironport-asyncos-referrer-xss(50948)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50948"}, {"name": "54884", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/54884"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18365"}, {"name": "1022335", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022335"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2009-1162", "datePublished": "2009-06-05T15:25:00.000Z", "dateReserved": "2009-03-26T00:00:00.000Z", "dateUpdated": "2024-08-07T05:04:49.064Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.0.0-754:*:*:*:*:*:*:*", "matchCriteriaId": "477A66C5-9B97-4363-8374-7AAD50A6203A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.0.0-757:*:*:*:*:*:*:*", "matchCriteriaId": "01DB8C2D-5C38-4171-AE6F-FB224AEC3225", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.0-301:*:*:*:*:*:*:*", "matchCriteriaId": "C1913AA9-2FF7-43BF-902A-A0730D375580", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.0-304:*:*:*:*:*:*:*", "matchCriteriaId": "22339A19-2486-4916-B63F-8D0095CE2CAE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.0-306:*:*:*:*:*:*:*", "matchCriteriaId": "BD01E9B8-6787-4658-9E45-2B4916BB0409", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.0-307:*:*:*:*:*:*:*", "matchCriteriaId": "30A807C2-CE36-4760-BC2A-D9A6AEA1D65B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.5-110:*:*:*:*:*:*:*", "matchCriteriaId": "5134EEAA-DE71-4283-B3D3-2923749EE92D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.1.6-003:*:*:*:*:*:*:*", "matchCriteriaId": "DEB855ED-197C-4CAC-A5B8-E02D598320EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.3.5-003:*:*:*:*:*:*:*", "matchCriteriaId": "F99C6CBC-4044-45A1-B79C-C54E4A13F41B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.3.6-003:*:*:*:*:*:*:*", "matchCriteriaId": "29EB3C86-E8EF-4AE2-A8DC-C0B912F27F0D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.5.0-405:*:*:*:*:*:*:*", "matchCriteriaId": "4716DAB7-C9E9-47DE-946B-B5B8F0768985", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.5.1-005:*:*:*:*:*:*:*", "matchCriteriaId": "9F240870-D97A-458A-9485-24CAD3816E68", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ironport_asyncos:6.6.4.0-273:*:*:*:*:*:*:*", "matchCriteriaId": "F5A6548C-217F-4496-8DF2-4EF2A775BF7D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ironport_email_security_appliances:*:c:*:*:*:*:*:*", "matchCriteriaId": "C9211A16-3F60-4FEF-9164-93A8DC447A76", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:ironport_email_security_appliances:*:m:*:*:*:*:*:*", "matchCriteriaId": "202BD85B-AE22-4638-A344-E5C75C4CC243", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:ironport_email_security_appliances:*:x:*:*:*:*:*:*", "matchCriteriaId": "79F52D0C-C0D9-4802-9A07-968F6F68C038", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la p\u00e1gina de login Spam Quarantine en Cisco IronPort AsyncOS anterior a v6.5.2 en las Series C, M y X, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"referer\"."}], "id": "CVE-2009-1162", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-06-05T16:00:00.280", "references": [{"source": "psirt@cisco.com", "url": "http://osvdb.org/54884"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/34895"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18365"}, {"source": "psirt@cisco.com", "url": "http://www.securityfocus.com/bid/35203"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id?1022335"}, {"source": "psirt@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50948"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/54884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/34895"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18365"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35203"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022335"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50948"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}