Unrated severityNVD Advisory· Published Jul 29, 2015· Updated May 6, 2026

CVE-2015-0732

Description

Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167.

Affected products

Cisco Systems, Inc./Content Security Management Virtual Appliance
cpe:2.3:a:cisco:content_security_management_virtual_appliance:9.1.0-033:*:*:*:*:*:*:*
Cisco Systems, Inc./Web Security Appliance
cpe:2.3:a:cisco:web_security_appliance:9.0.0-193:*:*:*:*:*:*:*
Cisco Systems, Inc./Email Security Appliance Firmware4 versions
cpe:2.3:o:cisco:email_security_appliance_firmware:8.5.6-113:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:cisco:email_security_appliance_firmware:8.5.6-113:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:email_security_appliance_firmware:9.1.0-032:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:email_security_appliance_firmware:9.1.1-000:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:email_security_appliance_firmware:9.6.0-000:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/viewAlert.xnvdVendor Advisory
www.securitytracker.com/id/1033086nvd
www.securitytracker.com/id/1033087nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000