Medium severity6.1NVD Advisory· Published Dec 14, 2016· Updated May 6, 2026
CVE-2016-9202
CVE-2016-9202
Description
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. Known Affected Releases: 9.1.1-036 9.7.1-066.
Affected products
16cpe:2.3:a:cisco:email_security_appliance:9.1.1-036:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:cisco:email_security_appliance:9.1.1-036:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:9.1.2-023:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:9.1.2-028:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:9.1.2-036:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:9.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:9.4.4-000:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:9.5.0-000:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:9.5.0-201:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:9.6.0-000:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:9.6.0-042:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:9.6.0-051:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:9.7.0-125:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:9.7.1-066:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:9.7.2-046:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:9.7.2-047:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:email_security_appliance:9.7.2-054:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.securityfocus.com/bid/94799nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037423nvdThird Party AdvisoryVDB Entry
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1nvdVendor Advisory
News mentions
0No linked articles in our index yet.