1332 matches found
CVE-2018-0390
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based DOM-based cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...
Cross site scripting
A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to...
Cross site scripting
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based DOM-based cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...
CVE-2018-0396
CVE-2018-0396 is a cross-site scripting (XSS) vulnerability affecting Cisco Unified Communications Manager IM and Presence Service web framework. It arises from insufficient input validation of parameters passed to the web server, enabling an authenticated, remote attacker to craft a malicious li...
Cisco Unified Communications Manager IM And Presence Service Cross-Site Scripting Vulnerability
A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to...
Directory traversal
Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via "..%f" sequences...
CVE-2018-13034
Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via "..%f" sequences...
CVE-2018-13034
Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via "..%f" sequences...
CVE-2018-13034
Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via "..%f" sequences...
CVE-2018-13034
CVE-2018-13034: A directory traversal vulnerability in the Jester web framework (version 0.2.0) enables remote attackers to fetch files in arbitrary locations by crafting requests with "..%f" sequences. The vulnerability primarily impacts confidentiality (C) with partial impact, as indicated by C...
unicorn-list path traversal vulnerability
unicorn-list is a web framework for dynamically loading content using the .cats engine. A path traversal vulnerability exists in unicorn-list. An attacker can exploit this vulnerability by placing a '. /' sequence in a URL to gain access to the file system...
Cross site scripting
A vulnerability in the web framework of the Cisco Unified Communications Manager Unified CM software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient...
Cross site scripting
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters...
Cross site scripting
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...
CVE-2018-0340
A vulnerability in the web framework of the Cisco Unified Communications Manager Unified CM software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient...
CVE-2018-0354
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters...
CVE-2018-0354
The CVE-2018-0354 issue affects Cisco Unity Connection, specifically the web framework. It stems from insufficient input validation for parameters passed via HTTP GET/POST, enabling an unauthenticated, remote attacker to trigger cross-site scripting (XSS) in a user’s browser when a user follows a...
CVE-2018-0340
CVE-2018-0340 describes a cross-site scripting vulnerability in Cisco Unified Communications Manager (CUCM) web framework. The issue stems from insufficient input validation of web server parameters, enabling an authenticated, remote attacker to craft a malicious link or intercept user requests t...
CVE-2018-0354
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters...
CVE-2018-0320
A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning PCP could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this...