CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNVD•added 2015/12/18 12:0 a.m.•1 views

Cisco Unified Email Interaction Manager and Unified Web Interaction Manager Cross-Site Scripting Vulnerabilities

Cisco Unified Email Interaction Manager is a product from Cisco that is used to manage large volumes of customer email submitted to corporate mailboxes or websites. A cross-site scripting vulnerability exists in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0. Thi...

4.3CVSS6AI score0.00296EPSS

NVD•added 2015/12/14 3:59 a.m.•11 views

CVE-2015-6416

Cross-site scripting XSS vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.01 allows remote attackers to inject arbitrary web script or HTML a crafted URL, aka Bug ID CSCuw24479...

4.3CVSS5.7AI score0.00296EPSS

Prion•added 2015/12/14 3:59 a.m.•14 views

Cross site scripting

4.3CVSS6.1AI score0.00296EPSS

CVE•added 2015/12/14 2:0 a.m.•46 views

CVE-2015-6416

CVE-2015-6416 is a cross-site scripting (XSS) vulnerability in Cisco’s Unified Email Interaction Manager and Unified Web Interaction Manager version 11.0(1). The issue arises from insufficient sanitization of user-supplied input in the web interface, allowing an unauthenticated, remote attacker t...

4.3CVSS5.8AI score0.00296EPSS

NVD•added 2015/08/19 3:59 p.m.•9 views

CVE-2015-6255

Cross-site scripting XSS vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.02 allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug ID CSCuo89051...

4.3CVSS5.6AI score0.00453EPSS

NVD•added 2015/08/19 3:59 p.m.•9 views

CVE-2015-4298

Cisco Unified Web and E-Mail Interaction Manager 9.02 and 11.01 improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056...

6.5CVSS6.1AI score0.00549EPSS

Prion•added 2015/08/19 3:59 p.m.•14 views

Authorization

6.5CVSS6.5AI score0.00549EPSS

Prion•added 2015/08/19 3:59 p.m.•8 views

Cross site scripting

4.3CVSS6AI score0.00453EPSS

CVE•added 2015/08/19 3:0 p.m.•42 views

CVE-2015-4298

CVE-2015-4298 affects Cisco Unified Web and E-Mail Interaction Manager (versions 9.0(2) and 11.0(1)). The root cause is improper authorization handling that allows remote authenticated users to read or write stored data via unspecified vectors. The vulnerability results from insufficient validati...

6.5CVSS6.2AI score0.00549EPSS

CVE•added 2015/08/19 3:0 p.m.•38 views

CVE-2015-4299

Cisco's advisory for CVE-2015-4299 states that Cisco Unified Web and E-Mail Interaction Manager 9.0(2) exposes an authorization flaw. An authenticated, remote attacker can remove default messaging-queue system folders due to improper authorization logic. Root cause: insufficient validation of per...

5.5CVSS6.5AI score0.00549EPSS

Cvelist•added 2015/08/19 3:0 p.m.•12 views

CVE-2015-4298

6.1AI score0.00549EPSS

CVE•added 2015/08/19 3:0 p.m.•40 views

CVE-2015-6255

CVE-2015-6255 affects Cisco Unified Web and E‑Mail Interaction Manager 9.0(2). The vulnerability resides in the web chat interface where insufficient input validation allows a remote attacker to deliver a crafted chat message that injects arbitrary web script or HTML (XSS). The root cause is inpu...

4.3CVSS5.8AI score0.00453EPSS

CNVD•added 2015/08/19 12:0 a.m.•4 views

Cisco Unified Web Interaction Manager Web Interface Denial of Service Vulnerability

Cisco Unified Web Interaction Manager is a WEB interaction manager. An input validation vulnerability in Cisco Unified Web Interaction Manager allows remote attackers to conduct denial of service attacks by deleting the default system folder in the message queue via the WEB interface...

5.5CVSS6.8AI score0.00549EPSS

CNVD•added 2015/08/19 12:0 a.m.•2 views

Cisco Unified Web Interaction Manager Web Interface Security Restriction Bypass Vulnerability

Cisco Unified Web Interaction Manager is a WEB interaction manager. An input validation vulnerability in Cisco Unified Web Interaction Manager WEBjiekou could be exploited by a remote attacker to submit a special request to view, modify, or delete data stored on the target system...

6.5CVSS6.8AI score0.00549EPSS

Cisco•added 2015/08/18 8:26 p.m.•22 views

Cisco Unified Interaction Manager Cross-Site Scripting Vulnerability

A vulnerability in the web chat interface of Cisco Unified Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the chat on the affected system. The vulnerability is due to insufficient input validation of user-supplied...

4.3CVSS5.7AI score0.00453EPSS