CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OpenVAS•added 2017/03/16 12:0 a.m.•18 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (cisco-sa-20170315-ucm1)

A vulnerability in the web framework of Cisco Unified Communications Manager CallManager could allow an authenticated, remote attacker to perform a cross-site scripting XSS attack. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and ar...

5.4CVSS5.3AI score0.00855EPSS

Cisco•added 2017/03/15 4:0 p.m.•27 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager CallManager could allow an authenticated, remote attacker to perform a cross-site scripting XSS attack. The vulnerability is due to insufficient validation of user-supplied input by the Cisco Unified CM User Options port...

5CVSS5.3AI score0.00855EPSS

Cisco•added 2017/03/15 4:0 p.m.•24 views

Cisco Prime Service Catalog Multiple Cross-Site Scripting Vulnerabilities

A vulnerability in the web framework code of the Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some...

6.1CVSS6.1AI score0.01228EPSS

OSV•added 2017/02/22 2:59 a.m.•2 views

CVE-2017-3836

A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.51.11007.2. Known Fixed Releases: 12.00.98000.162 12.00.98000.178 12.00.98000.383...

4.3CVSS5.8AI score0.01557EPSS

Prion•added 2017/02/22 2:59 a.m.•14 views

Cross site scripting

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected software. More Information: CSCvb95951. Known Affected Releases:...

4.3CVSS5.9AI score0.01099EPSS

Prion•added 2017/02/22 2:59 a.m.•15 views

Code injection

4CVSS4.6AI score0.01557EPSS

Exploits0References3Affected Software1

OSV•added 2017/02/22 2:59 a.m.•5 views

CVE-2017-3847

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface. More Information: CSCvc72741. Known Affected Releases: 6.2.1...

5.4CVSS5.7AI score0.00615EPSS

Exploits0References2

Prion•added 2017/02/22 2:59 a.m.•20 views

Cross site scripting

3.5CVSS5.2AI score0.00615EPSS

NVD•added 2017/02/22 2:59 a.m.•16 views

CVE-2017-3833

6.1CVSS6AI score0.01099EPSS

Exploits0References2

NVD•added 2017/02/22 2:59 a.m.•16 views

CVE-2017-3836

4.3CVSS4.7AI score0.01557EPSS

Cvelist•added 2017/02/22 2:0 a.m.•18 views

CVE-2017-3836

4.6AI score0.01557EPSS

CVE•added 2017/02/22 2:0 a.m.•47 views

CVE-2017-3833

The CVE-2017-3833 entry concerns Cisco Unified Communications Manager (CUCM) Web Interface XSS. A vulnerability exists in the web framework where insufficient input validation allows an unauthenticated, remote attacker to execute arbitrary script in the context of the user’s web interface. Affect...

6.1CVSS5.9AI score0.01099EPSS

CVE•added 2017/02/22 2:0 a.m.•62 views

CVE-2017-3847

CVE-2017-3847 affects Cisco Firepower Management Center Web Framework. An authenticated, remote attacker can exploit a vulnerability in the web interface by sending crafted URLs to execute arbitrary script code in the browser (XSS). Root cause: insufficient validation/sanitization of user input. ...

5.4CVSS5.2AI score0.00615EPSS

CVE•added 2017/02/22 2:0 a.m.•57 views

CVE-2017-3836

CVE-2017-3836 affects Cisco Unified Communications Manager (CUCM) web framework. The vulnerability allows an attacker to view sensitive data via a flaw in access protection of sensitive files exposed through URL parameters. Connected sources describe it as an information-disclosure issue in CUCM’...

4.3CVSS4.6AI score0.01557EPSS

Exploits0References3Affected Software1

Cvelist•added 2017/02/22 2:0 a.m.•19 views

CVE-2017-3833

6AI score0.01099EPSS

Exploits0References2

OpenVAS•added 2017/02/16 12:0 a.m.•23 views

Cisco Firepower Management Center Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a...

5.4CVSS5.3AI score0.00615EPSS

Cisco•added 2017/02/15 4:0 p.m.•25 views

Cisco Unified Communications Manager Information Disclosure Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of sensitive files. An attacker could exploit this vulnerability by modifying parameters of a...

4.3CVSS4.5AI score0.01557EPSS

Cisco•added 2017/02/15 4:0 p.m.•26 views

Cisco Firepower Management Center Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface. The vulnerability occurs because the affected software fails to perform sufficient validation a...

4.8CVSS5.3AI score0.00615EPSS