Unrated severityNVD Advisory· Published Jun 10, 2014· Updated May 6, 2026

CVE-2014-3289

Description

Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2014/Jun/57nvdExploitThird Party AdvisoryVDB Entry
tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3289nvdVendor Advisory
tools.cisco.com/security/center/viewAlert.xnvdVendor Advisory
www.securityfocus.com/bid/67943nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1030407nvdThird Party AdvisoryVDB Entry
secunia.com/advisories/58296nvdPermissions Required
packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.htmlnvd
www.kb.cert.org/vuls/id/613308nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000