Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability (cisco-sa-20170419-cpi)
A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.
Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some...
The vulnerability of the Cisco Unified Communications Manager system allows attackers to carry out cross-site scripting attacks.
The vulnerability of the web-based application framework of the Cisco Unified Communications Manager exists due to the lack of protective measures taken for the structure of the web page. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
Cisco Patches Critical IOx Vulnerability
Cisco Systems patched a critical vulnerability Wednesday that could allow an unauthenticated, remote attacker to execute remote code on affected hardware and gain root privileges. The bug is in Cisco’s Data-in-Motion (DMo) process, part of the company’s IOx application environment that marries its...
Cisco IOx Arbitrary File Modification Vulnerability
Cisco IOx is a suite of applications from Cisco USA that provide unified hosting capabilities for Cisco's IoT network infrastructure. A security vulnerability in the web framework code in the CAF component of Cisco IOx can be exploited by remote attackers to upload malicious data messages to writ...
Cisco IOS XE Arbitrary Command Execution Vulnerability
Cisco IOS XE Software is an operating system developed by Cisco for its network devices. An arbitrary command execution vulnerability exists in the Web framework of Cisco IOS XE Software, which allows an authenticated, remote attacker to inject arbitrary commands with root privileges due to...
Cisco Application-Hosting Framework Directory Traversal Vulnerability
A vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device.
Input validation
A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An attacker could...
CVE-2017-3851
CVE-2017-3851 is a directory-traversal vulnerability in Cisco IOx CAF: an unauthenticated remote attacker can read files from the CAF web interface within the virtual instance. Affected Cisco IOx CAF versions: 1.0.0.0 and 1.1.0.0. Exploitation involves crafting requests to the CAF web interface; imp...
Cisco IOS XE Software HTTP Command Injection Vulnerability
A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An attacker could...
CVE-2017-3874
A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Information: CSCvb70033. Known Affected Releases: 11.51.11007.2. Known Fixed Releases: 12.00.98000.507...
CVE-2017-3877
A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected...
Cross-site scripting
A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc79842 CSCvc79846 CSCvc79855 CSCvc79873...
Cross-site scripting
A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Information: CSCvb70033. Known Affected Releases: 11.51.11007.2. Known Fixed Releases: 12.00.98000.507...
Cross-site request forgery (CSRF)
A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected...
CVE-2017-3866
A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc79842 CSCvc79846 CSCvc79855 CSCvc79873...
CVE-2017-3866
Cisco Prime Service Catalog exposes a cross-site scripting (XSS) vulnerability in its web framework. An unauthenticated, remote attacker could leverage insufficient input validation of web parameters to execute arbitrary scripts in a user’s browser. Affected release includes 11.1.2. The Cisco adv...
CVE-2017-3877
CVE-2017-3877 concerns a CSRF vulnerability in the web framework of Cisco Unified Communications Manager (CallManager). An unauthenticated remote attacker could induce a user to perform arbitrary actions in the affected web interface due to insufficient CSRF protections (CSCvb70021). Affected release ...