CVE-2012-0340
Summary
| CVE | CVE-2012-0340 |
|---|---|
| State | PUBLISHED |
| Assigner | cisco |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-02-13 22:55:01 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:M/Au:N/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco IronPort Web-Based Administration Interface Cross-Site Scripting Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | tools.cisco.com | Vendor Advisory |
| 404 | Secureworks | af854a3a-2127-422b-91ae-364da2661108 | www.secureworks.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590851 Advantech Studio ISSymbol ActiveX Buffer Overflow Multiple Vulnerabilities (ICSA-12-137-02)