493 matches found
CVE-2020-3136 Cisco Jabber Guest Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based...
Cisco IOS XE Software Web UI Cross-Site Scripting Multiple Vulnerabilities (cisco-sa-20180328-webuixss)
According to its self-reported version, Cisco IOS XE Software is affected by multiple cross-site scripting (XSS) vulnerabilities in the web-based user interface (web UI) due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An...
CVE-2019-12703
A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected...
CVE-2019-12638 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface. The vulnerability is due to insufficient validation of...
Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient...
Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation...
CVE-2019-15259
A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system...
CVE-2019-15259 Cisco Unified Contact Center Express HTTP Response Splitting Vulnerability
A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system...
CVE-2019-12715 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the...
Advantech WebAccess Code Injection Vulnerability
Advantech WebAccess is Advantech's suite of HMI/SCADA software based on browser architecture. A code injection vulnerability exists in Advantech WebAccess 8.4.1 and earlier versions, which can be exploited by an attacker to execute remote code or cause a system crash...
CVE-2019-6143
Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4.7, 6.5.x before 6.5.4, and 6.6.x before 6.6.2 has a serious authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services protected by the NGFW Engine. The...
Authentication flaw
Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4.7, 6.5.x before 6.5.4, and 6.6.x before 6.6.2 has a serious authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services protected by the NGFW Engine. The...
CVE-2019-6143
The CVE-2019-6143 entry concerns Forcepoint Next Generation Firewall (NGFW) platforms. Affected versions include 6.4.x prior to 6.4.7, 6.5.x prior to 6.5.4, and 6.6.x prior to 6.6.2. The flaw is an authentication vulnerability that can allow an unauthorized user to bypass password authentication ...
Advantech WebAccess Exploits Arbitrary File Deletion Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. An arbitrary file deletion vulnerability exists in Advantech WebAccess, which can be exploited by an attacker to delete arbitrary files...
JetBrains YouTrack Privilege Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability exists in JetBrains YouTrack. An attacker can exploit the...
Nortek Security & Control Linear eMerge 50P/5000P Cross-Site Request Forgery Vulnerability
Nortek Security & Control Linear eMerge 50P/5000P is a browser-based access control system from Nortek Security & Control, USA. A cross-site request forgery vulnerability exists in the Nortek Security & Control Linear eMerge 50P/5000P, which arises from a web application that does not adequately...
Linear eMerge 50P/5000P Catalog Traversal Vulnerability
The Linear eMerge 50P/5000P is an access control security system managed through a browser from Nortek Security & Control. A directory traversal vulnerability exists in the Linear eMerge 50P/5000P. An attacker could use this vulnerability to traverse the file system to access files or directories...
Linear eMerge 50P/5000P Authentication Bypass Vulnerability
The Linear eMerge 50P/5000P is an access control security system managed through a browser from Nortek Security & Control. An authentication bypass vulnerability exists in the Linear eMerge 50P/5000P. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to bypass...