CVE-2024-20258

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD	Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:secure_email_gateway:11.0.3-238:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:11.1.0-069:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:11.1.0-128:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:11.1.0-131:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:12.0.0-419:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:12.1.0-071:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:12.1.0-087:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:12.1.0-089:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:12.5.0-066:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:12.5.3-041:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:12.5.4-041:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:13.0.0-392:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:13.0.5-007:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:13.5.1-277:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:13.5.4-038:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:14.0.0-698:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:14.2.0-620:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:14.2.1-020:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:14.3.0-032:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:15.0.0-104:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:15.0.1-030:::::::*
	cpe:2.3:a:cisco:secure_email_gateway:15.5.0-048:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:cisco:secure_email_and_web_manager:9.0.0-087:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:11.0.0-115:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:11.0.1-161:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:11.5.1-105:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:12.0.0-452:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:12.0.1-011:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:12.5.0-636:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:12.5.0-658:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:12.5.0-670:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:12.5.0-678:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:12.8.1-002:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:12.8.1-021:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:13.0.0-277:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:13.6.2-078:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:13.8.1-068:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:13.8.1-074:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:13.8.1-108:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.0-404:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:14.1.0-223:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:14.1.0-227:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:14.2.0-212:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:14.2.0-224:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:14.2.1-020:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:14.3.0-120:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-334:::::::*

History

30 Jun 2025, 17:24

Type	Values Removed	Values Added
First Time		Cisco secure Email And Web Manager Cisco Cisco secure Email Gateway
CPE		cpe:2.3:a:cisco:secure_email_and_web_manager:11.0.0-115:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:13.8.1-074:::::::* cpe:2.3:a:cisco:secure_email_gateway:12.1.0-089:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:11.0.1-161:::::::* cpe:2.3:a:cisco:secure_email_gateway:12.0.0-419:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:13.0.0-277:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:14.3.0-120:::::::* cpe:2.3:a:cisco:secure_email_gateway:13.5.1-277:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:14.2.0-224:::::::* cpe:2.3:a:cisco:secure_email_gateway:12.5.3-041:::::::* cpe:2.3:a:cisco:secure_email_gateway:13.0.0-392:::::::* cpe:2.3:a:cisco:secure_email_gateway:13.5.4-038:::::::* cpe:2.3:a:cisco:secure_email_gateway:14.3.0-032:::::::* cpe:2.3:a:cisco:secure_email_gateway:14.2.1-020:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:9.0.0-087:::::::* cpe:2.3:a:cisco:secure_email_gateway:12.1.0-087:::::::* cpe:2.3:a:cisco:secure_email_gateway:14.0.0-698:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:12.5.0-636:::::::* cpe:2.3:a:cisco:secure_email_gateway:11.1.0-131:::::::* cpe:2.3:a:cisco:secure_email_gateway:11.0.3-238:::::::* cpe:2.3:a:cisco:secure_email_gateway:13.0.5-007:::::::* cpe:2.3:a:cisco:secure_email_gateway:15.5.0-048:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:14.1.0-227:::::::* cpe:2.3:a:cisco:secure_email_gateway:11.1.0-069:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:13.6.2-078:::::::* cpe:2.3:a:cisco:secure_email_gateway:15.0.0-104:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:14.1.0-223:::::::* cpe:2.3:a:cisco:secure_email_gateway:15.0.1-030:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:14.2.0-212:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:12.0.0-452:::::::* cpe:2.3:a:cisco:secure_email_gateway:12.1.0-071:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:14.2.1-020:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:13.8.1-108:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:12.0.1-011:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.0-404:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:13.8.1-068:::::::* cpe:2.3:a:cisco:secure_email_gateway:11.1.0-128:::::::* cpe:2.3:a:cisco:secure_email_gateway:14.2.0-620:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:12.5.0-658:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:12.8.1-021:::::::* cpe:2.3:a:cisco:secure_email_gateway:12.5.4-041:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:12.8.1-002:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-334:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:11.5.1-105:::::::* cpe:2.3:a:cisco:secure_email_gateway:12.5.0-066:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:12.5.0-670:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager:12.5.0-678:::::::*
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD - Vendor Advisory

21 Nov 2024, 08:52

Type	Values Removed	Values Added
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD -

15 May 2024, 18:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-15 18:15

Updated : 2025-06-30 17:24

NVD link : CVE-2024-20258

Mitre link : CVE-2024-20258

CVE.ORG link : CVE-2024-20258

JSON object : View

Products Affected

cisco

secure_email_gateway
secure_email_and_web_manager

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10