CVE-2017-12272

CVE-2017-12272 affects Cisco IOS XE Software Web Framework, where insufficient input validation in the web server enables unauthenticated, remote attackers to perform a cross-site scripting (XSS) attack. The exploit requires the victim to visit a malicious link or for an attacker to intercept a u...

Cisco IOS XE Software Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameter...

CVE-2016-1261

J-Web does not validate certain input that may lead to cross-site request forgery CSRF issues or cause a denial of J-Web service DoS...

ljharb's qs module input validation vulnerability

A web framework is a framework used to support the development of dynamic websites, web applications, and web services. qs module is a string query parsing module used by developers when building web frameworks. A denial of service vulnerability exists in ljharb's qs module. An attacker could...

CVE-2017-12248

A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation...

CVE-2017-12248

A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation...

PT-2017-12423 · Cisco · Cisco Unified Intelligence Center

Name of the Vulnerable Software and Affected Versions: Cisco Unified Intelligence Center Software affected versions not specified Description: A vulnerability in the web framework code could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of t...

Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation...

[SECURITY] Fedora 26 Update: python-django-1.10.8-1.fc26

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

Cisco Unity Connection Cross-Site Scripting Vulnerability (CNVD-2017-31983)

Cisco Unity Connection UC is a voice messaging platform from Cisco. The platform can use voice commands to make calls or listen to messages in a "hands-free" way. A cross-site scripting vulnerability exists in the Web framework of Cisco UC version 10.52, which arises from the program's failure to...

CVE-2017-12212

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...

CVE-2017-12212

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...

CVE-2017-12221

Cisco Firepower Management Center is affected by CVE-2017-12221, a cross-site scripting (XSS) vulnerability in the web framework caused by insufficient validation of user-supplied input. An authenticated, remote attacker could exploit this in the web interface to execute arbitrary script code in ...

CVE-2017-12212

Cisco Unity Connection (v10.5(2) with default config) is affected by a reflected cross-site scripting (XSS) vulnerability in its web framework. The issue arises from insufficient input validation on HTTP GET/POST parameters, allowing an unauthenticated, remote attacker to persuade a user to follo...

PT-2017-12412 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center affected versions not specified Description: A vulnerability in the web framework could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface...

Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...

Talking about the struts2 in the history of high-risk vulnerabilities-vulnerability warning-the black bar safety net

Apache Struts2 as the world's most popular Java Web framework of meaning, widely used in teaching, Finance, Internet, communications and other nervous industry. It's a high-risk flaws persecution can perhaps form a significant Internet Safe the dangers and huge economic loss. This article is...

Cisco Elastic Services Controller Cross-Site Scripting Vulnerability

Cisco Elastic Services Controller ESC is an open source modular system from Cisco USA. A cross-site scripting vulnerability exists in the Web framework in Cisco ESC, which stems from the program failing to adequately validate user-submitted input. A remote attacker could exploit this vulnerabilit...

CVE-2017-6776

A vulnerability in the web framework of Cisco Elastic Services Controller ESC could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affecte...

Cross site scripting

A vulnerability in the web framework of Cisco Elastic Services Controller ESC could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affecte...