CVE-2014-3289

EPSS 0.66% · P71 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-3289

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Cisco AsyncOS 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Cisco AsyncOS on Email Security Appliance（ESA）等都是美国思科（Cisco）公司的产品。Cisco ESA是一套电子邮件安全设备。Cisco Content Security Management Appliance（SMA）是一套内容安全管理设备。Cisco Web Security Appliance（WSA）是一套网络安全设备。Cisco AsyncOS是一套使用在这些产品中的操作系统。 Cisco AsyncOS的Web管理界面中存在跨站脚本漏洞。远程攻

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2014-3289

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2014-3289

请登录查看更多情报信息。

Advisory · 1

http://tools.cisco.com/security/center/viewAlert.x?alertId=34569x_refsource_CONFIRM
http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.htmlx_refsource_MISC
http://www.securityfocus.com/bid/67943vdb-entryx_refsource_BID
http://secunia.com/advisories/58296third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id/1030407vdb-entryx_refsource_SECTRACK
http://www.kb.cert.org/vuls/id/613308third-party-advisoryx_refsource_CERT-VN
Security Advisoriesvendor-advisoryx_refsource_CISCO
http://seclists.org/fulldisclosure/2014/Jun/57mailing-listx_refsource_FULLDISC
https://nvd.nist.gov/vuln/detail/CVE-2014-3289

Same Patch Batch · n/a · 2014-06-10 · 13 CVEs total

CVE-2014-3042		IBM CICS Transaction Server for z/OS 缓冲区溢出漏洞
CVE-2014-3287		Cisco Unified Communications Manager SQL注入漏洞
CVE-2014-3292		Cisco Unified Communications Manager RTMT 输入验证漏洞
CVE-2014-3294		Cisco WebEx Meeting Server 权限许可和访问控制漏洞
CVE-2009-5023		Fail2ban 本地权限提升漏洞
CVE-2013-6825		Offis DCMTK 安全漏洞
CVE-2014-0220		Cloudera Manager 安全漏洞
CVE-2014-3216		Gretech GOM Media Player 安全漏洞
CVE-2014-3465		GnuTLS ‘gnutls_x509_dn_oid_name’函数安全漏洞
CVE-2014-3873		FreeBSD kernel 内存泄露漏洞
CVE-2014-3880		FreeBSD kernel 安全漏洞
CVE-2014-4017		WordPress Conversion Ninja Plugin‘id’参数跨站脚本漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2014-3289

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2014-3289

I. Basic Information for CVE-2014-3289

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2014-3289

III. Intelligence Information for CVE-2014-3289

Same Patch Batch · n/a · 2014-06-10 · 13 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2014-3289

Leave a comment