CVE-2026-20076

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...

CVE-2025-20342 Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability

A vulnerability in the Virtual Keyboard Video Monitor vKVM connection handling of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is...

CVE-2025-20204 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied...

CVE-2020-26067 Cisco Webex Teams Web Interface Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of usernames. An attacker could exploit this vulnerability by creating an account that contains...

CVE-2022-20654 Cisco Webex Meetings Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based...

Secure Email Gateway XSS (cisco-sa-esa-wsa-sma-xss-zYm3f49n)

According to its self-reported version, Secure Email Gateway is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remot...

CVE-2024-42061

A reflected cross-site scripting XSS vulnerability in the CGI program "dynamicscript.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN seri...

CVE-2024-42061

CVE-2024-42061 is a documented reflected cross-site scripting (XSS) vulnerability in Zyxel devices. The CGI program \

CVE-2024-20488 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user o...

CVE-2024-20392

A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to insufficient input validation of some parameters that are passed to t...

CVE-2024-20367

Cisco Enterprise Chat and Email (ECE) web UI vulnerability (CVE-2024-20367) enables authenticated, remote XSS due to improper input validation. An attacker must coerce a user to click a crafted link, potentially executing arbitrary script in the UI or accessing browser data. Impact is limited to ...

CVE-2024-20337

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed CRLF injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...

Cisco Evolved Programmable Network Manager XSS (cisco-sa-pi-epnm-storedxss-tTjO62r)

The version of Cisco Evolved Programmable Network Manager installed on the remote host is 7.0 or earlier. It is, therefore, affected by a cross-site scripting XSS vulnerability. Due to insufficient validation of user input, an unauthenticated, remote attacker can, inject malicious code into...

Cisco Unified Communications Manager XSS (cisco-sa-cucm-imp-xss-QtT4VdsK)

The version of Cisco Unified Communications Manager installed on the remote host is prior to 12.51SU8 or 14 prior to 14SU4. It is, therefore affected by a cross-site scripting vulnerability XSS. An unauthenticated remote attacker could, with the interaction of another user, exploit this...

CVE-2023-20068

A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability is due to insufficient...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability is due to insufficient...

CVE-2023-20146 Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...

Cisco Prime Infrastructure Stored XSS (cisco-sa-cisco-pi-epnm-xss-mZShH2J)

The version of Cisco Prime Infrastructure installed on the remote host is prior to 3.10.3. It is, therefore, affected by a cross-site scripting XSSvulnerability as referenced in the cisco-sa-cisco-pi-epnm-xss-mZShH2J advisory. This vulnerability is due to insufficient validation of user-supplied...

CVE-2023-20058

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface...

Cross site scripting

A cross-site scripting XSS vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware versions 4.30 through 4.72, VPN series firmware versions 4.30 through 5.31, USG FLEX series firmware versions 4.50 through 5.31, and ATP series firmware versions 4.32 through 5.31, which could allow an...