### [CVE-2024-20504](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20504)
![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Secure%20Email%20and%20Web%20Manager&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Secure%20Email&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Secure%20Web%20Appliance&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=14.0.0-404%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.0.0-698%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.0.2-012%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.0.3-014%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.0.4-005%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.0.5-007%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.1.0-032%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.1.0-041%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.1.0-047%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.1.0-223%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.1.0-227%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.2.0-212%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.2.0-224%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.2.0-620%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.2.1-020%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.3.0-032%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.3.0-120%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=14.5.0-498%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.5.1-008%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.5.1-016%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.5.1-510%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.5.1-607%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.5.2-011%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=14.5.3-033%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=15.0.0-104%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=15.0.0-322%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=15.0.0-334%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=15.0.0-355%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=15.0.1-030%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=15.1.0-287%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=15.2.0-116%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=15.2.0-164%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=15.5.0-048%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=15.5.1-024%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=15.5.1-029%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=15.5.1-055%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Script-Related%20HTML%20Tags%20in%20a%20Web%20Page%20(Basic%20XSS)&color=brightgreen)

### Description

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds