CVE-2017-6762

A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.69, 11.00, and 11.01 could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected software. The vulnerability ...

Microsoft Edge AsmJsInterpreter Use After Free (CVE-2017-8603)

A use-after-free vulnerability exists in Microsoft Edge. This vulnerability is due to an error while handling objects in memory when processing HTML and script code. A remote attacker could exploit these vulnerabilities by enticing the target user to open a specially crafted web page...

Cisco Adaptive Security Appliance Authenticated Cross-Site Scripting Vulnerability (cisco-sa-20170802-asa)

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. Copyright C 2017 Greenbone Networks...

Cisco Jabber Guest Server Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient...

Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

Cisco Adaptive Security Appliance Authenticated Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

Microsoft Edge and Internet Explorer CVE-2017-8592 Security Bypass Vulnerability

Description Microsoft Edge and Internet Explorer are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions. This may lead to other attacks. Technologies Affected Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explore...

Microsoft Edge CVE-2017-8611 Spoofing Vulnerability

Description Microsoft Edge is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft Edge...

Microsoft Internet Explorer and Edge CVE-2017-8602 Spoofing Vulnerability

Description Microsoft Internet Explorer and Edge are prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected...

Cisco Identity Services Engine Guest Portal Cross-Site Scripting Vulnerability (cisco-sa-20170705-ise2)

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected device. SPDX-FileCopyrightText: 2017 Greenbone AG Some...

Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability (cisco-sa-20170621-piwf)

A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be...

Cisco Firepower Management Center Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a...

Cisco Prime Infrastructure and Evolved Programmable Network Manager DOM Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Evolved Programmable Network Manager EPNM could allow an unauthenticated, remote attacker to conduct a Document Object Model DOM based environment or client-side cross-site scripting XSS attack against a us...

Cisco SocialMiner Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation. An attacker could exploit th...

Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerabilities

A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some...

Python Tablib Arbitrary Command Execution Vulnerability

Tablib is a Python library related to tabular format data that allows importing, exporting, and managing tabular format data. An arbitrary command execution vulnerability exists in Python Tablib version 0.11.4, which allows an attacker to execute arbitrary script code in the context of an affecte...

Sophos Web Appliance < 4.3.1 Multiple Remote Command Injection Vulnerabilities

According to its self-reported version number, the Sophos Web Appliance software running on the remote host is prior to 4.3.1. It is, therefore, affected by multiple vulnerabilities : - A remote command injection vulnerability exists in the web administration interface in the...

Serendipity < 2.1.1 Multiple Vulnerabilities

According to its banner, the version of Serendipity running on the remote host is prior to 2.1.1. It is, therefore, affected by multiple vulnerabilities : - A stored cross-site scripting XSS vulnerability exists in the templates/2k11/admin/category.inc.tpl script due to improper validation of the...

Cisco Email Security Appliance Message Tracking Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. SPDX-FileCopyrightText: 2017 Greenbo...

Cisco Email Security and Content Security Management Appliance Message Tracking Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Email Security Appliance ESA and Cisco Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an...