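The following key information about the vulnerability can be obtained from this web page screenshot:

Key information overview

- Vulnerability type: Cross-Site Scripting (XSS) Vulnerability
- Severity: Medium
- CVE ID: CVE-2017-6661
- CVSS score: 6.1
- Affected products: Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA)
- Cause of the vulnerability: the web-based management interface of an affected device does not sufficiently validate user input, so an attacker can carry out the attack by persuading a user to click a malicious link
- Impact: an attacker can exploit this vulnerability to execute arbitrary script code in the context of the device interface, or to access sensitive browser-based information
- Workaround: no workarounds are available; the software should be upgraded
- Products confirmed not vulnerable: Cisco Web Security Appliance
- Published: June 7, 2017, 16:00 GMT
- Source: this vulnerability was found during internal security testing
- Related links and documents:
  - More information about XSS attacks and potential mitigations
  - OWASP's explanation of cross-site scripting attacks

Excerpts from the advisory

Summary: A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

Exploitation and Public Announcements: The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.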