CVE-2023-20028 (secure_email_and_web_manager, secure_email_gateway, web_security_appliance)

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

attack cisco cisco secure cisco secure email gateway cross-site cve email email gateway email security esa gateway interface management manager scripting secure email secure web appliance security software the web vulnerabilities web web security wsa xss