CVE-2024-20392

CVE-2024-20392 describes a vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway. The flaw arises from insufficient input validation of parameters passed to the API, enabling an unauthenticated, remote attacker to perform an HTTP response splitting...

CVE-2023-20248

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the...

CVE-2023-20249

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the...

Cisco Unified Communications Manager IM & Presence XSS (cisco-sa-cucm-imps-xss-quWkd9yF)

According to its self-reported version, Cisco Unified Communications Manager IM & Presence running on the report host is affected by a coss-site scripting XSS vulnerability. The vulnerability exists in the web-based management interface due to improper validation of user-supplied input before...

CVE-2024-20334

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS could allow a low-privileged, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based...

CVE-2024-20334

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS could allow a low-privileged, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based...

CVE-2024-20334

CVE-2024-20334 affects Cisco TelePresence Management Suite (TMS) web-based management interface. Vulnerability arises from insufficient input validation in the interface, enabling a low-privileged, remote attacker to perform cross-site scripting (XSS). A successful exploit could execute arbitrary...

CVE-2024-20367

A vulnerability in the web UI of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker...

Cisco IP Phones 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting (CVE-2019-16008)

A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface of an affected system. The vulnerability is due to...

Crlf injection

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed CRLF injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...

CVE-2024-20337

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed CRLF injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...

CVE-2024-26300

A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim...

Cross site scripting

A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim...

CVE-2024-26299

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script...

Cross site scripting

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly valida...

CVE-2024-20305

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly valida...

CVE-2024-20270

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This...

CVE-2024-20251

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to perform a stored cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability exists because the web-based...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to perform a stored cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability exists because the web-based...