16 matches found
EUVD-2026-27856
A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This...
EUVD-2019-10427
Malware in sbrugna...
EUVD-2025-19737
Malicious code in bioql PyPI...
CVE-2025-20310
CVE-2025-20310 : Cisco Enterprise Chat and Email (ECE) web UI vulnerability where input in the interface is not properly validated, enabling a stored XSS attack. An unauthenticated, remote attacker could lure a user to click a crafted link, potentially executing arbitrary script in the user’s bro...
The vulnerability of the chat message exchange function in Cisco Enterprise Chat and Email (ECE) allows a perpetrator to cause a service failure.
The vulnerability of the chat message exchange function in Cisco Enterprise Chat and Email ECE is related to insufficient processing of regular expressions. Exploiting this vulnerability can allow a malicious actor to cause service failures by sending specially crafted requests...
CVE-2024-20484
A vulnerability in the External Agent Assignment Service EAAS feature of Cisco Enterprise Chat and Email ECE could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation of Media Routing...
CVE-2024-20484
CVE-2024-20484 affects Cisco Enterprise Chat and Email (ECE) External Agent Assignment Service (EAAS). The root cause is insufficient validation of MR PIM traffic, allowing an unauthenticated remote attacker to trigger a MR PIM connection failure between ECE and Cisco Unified Contact Center Enter...
The vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the Cisco Enterprise Chat and Email ECE web interface is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2024-20367
A vulnerability in the web UI of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker...
CVE-2024-20367
A vulnerability in the web UI of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker...
The vulnerability in the web interface for managing Cisco Enterprise Chat and Email allows attackers to perform cross-site scripting attacks.
The vulnerability of the web interface for managing Cisco Enterprise Chat and Email is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created website...
CVE-2019-1877
A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could explo...
The vulnerability in the web interfaces of Cisco Enterprise Chat and Email allows a perpetrator to execute arbitrary code in a user’s browser.
The vulnerability of the Cisco Enterprise Chat and Email messaging interfaces is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in a user’s browser using a specially crafted link...
CVE-2019-1702 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected software. The vulnerabilities are due...
CVE-2019-1702
Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected software. The vulnerabilities are due...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected software. The vulnerabilities are due...