PT-2026-27795

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the web-based management interface of the Cisco IOx application hosting environment. This issue could allow a remote attacker with valid administrative...

CVE-2025-20303

Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

CVE-2025-20351

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability exists because the web ...

CVE-2025-20327

A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a...

Cisco UCS Manager Software Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...

Cisco IOS XE Software Web Based Management Interface (cisco-sa-webui-multi-ARNHM4v6)

According to its self-reported version, Cisco IOS-XE Software is affected by multiple vulnerabilities. - A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected...

CVE-2024-20414

A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration...

The vulnerability in the web interface for managing microprogrammed software in Cisco IP Phones 6800, Cisco IP Phone 7800, Cisco IP Phone 8800, and Cisco Video Phone 8875 arises from the manipulation of intersite requests. This allows a perpetrator to perform a CSRF attack and cause a service failure.

The vulnerability in the web interface of Cisco IP Phones 6800, 7800, 8800, and the Cisco Video Phone 8875 is related to the manipulation of intersite requests. Exploiting this vulnerability allows an attacker to perform CSRF attacks and cause service failures...

Vulnerability of the web interface of the Cisco IOS XE operating system, allowing a hacker to execute arbitrary commands

The vulnerability of the Cisco IOS XE operating system’s web interface exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

多款Cisco产品缓冲区错误漏洞

The Cisco RV110W is a Wireless-N VPN firewall, the Cisco RV130 is a multifunction VPN router, the Cisco RV130W is a Wireless-N multifunction VPN router, and the Cisco RV215W is a Wireless-N VPN router. A remote command execution and denial of service vulnerability exists in the Web management...

The vulnerability of the web interface configuration of microprogramming software for Cisco RV110W, Cisco RV130, Cisco RV130W, and Cisco RV215W allows a hacker to execute arbitrary commands.

The vulnerability of the web interface configuration of microprogramming software for Cisco RV110W, Cisco RV130, Cisco RV130W, and Cisco RV215W exists due to insufficient verification of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

Command Injection Vulnerability in Multiple Cisco Products (CNVD-2020-35162)

Cisco Small Business RV320 and others are a VPN router from Cisco USA. A command injection vulnerability exists in the Web management interface of several Cisco products, which stems from the program failing to properly validate user-submitted input, and can be exploited by a remote attacker to...

The vulnerability in the web interface of the microprogramming software-based network interface cards Cisco RV110W Wireless-N VPN and the multi-functional VPN routers Cisco RV130W Wireless-N and Cisco RV215W Wireless-N VPN allows attackers to disclose sensitive information.

The vulnerability of the web interface of Microprogramming Software for Cisco RV110W Wireless-N VPN and Multi-Function VPN Routers such as Cisco RV130W Wireless-N and Cisco RV215W Wireless-N VPN lies in the insufficient control of access to web interface files. Exploiting this vulnerability can...