思科AsyncOS软件的网络管理界面存在多个漏洞，可能使远程攻击者对该界面用户进行跨站脚本攻击。思科已发布软件更新来解决这些漏洞，无其他解决方法。此消息安全影响评级为中，相关信息可通过链接查看，涉及CVE编号。

🎯思科AsyncOS软件的网络管理界面存在漏洞，远程攻击者可借此对用户实施跨站脚本攻击，这可能导致用户信息泄露或其他安全问题。

💻思科已发布软件更新以解决这些漏洞，但目前没有其他可行的解决办法。用户应及时关注并进行软件更新，以降低安全风险。

🔗该漏洞的相关信息可在特定链接中查看，其中包括安全影响评级为中，以及涉及的CVE编号如CVE-2024-20256、CVE-2024-20257等。

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Secure Email Gateway, formerly Email Security Appliance (ESA); and Secure Web Appliance could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

For more information about these vulnerabilities, see the Details section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-bgG5WHOD

Security Impact Rating: Medium
CVE: CVE-2024-20256,CVE-2024-20257,CVE-2024-20258,CVE-2024-20383