CVE-2024-20386
The CVE-2024-20386 entry describes stored XSS in the web-based management interface of Cisco Firepower Management Center (FMC) Software due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could inject crafted input into interface data fields to execute scrip...
CVE-2024-20386
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to...
CVE-2024-20377
CVE-2024-20377 concerns Cisco Firepower Management Center (FMC) web-based management interface. A stored XSS vulnerability arises from improper validation of user-supplied input, enabling an authenticated, remote attacker to lure a user into clicking a crafted link, which could execute arbitrary ...
CVE-2024-20372
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to...
CVE-2024-20364
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficien...
CVE-2024-20300
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient...
CVE-2024-20269 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient...
CVE-2024-20460
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient validation of user input...
CVE-2024-20512
CVE-2024-20512 concerns Cisco Unified Contact Center Management Portal (Unified CCMP). The vulnerability is a reflected cross-site scripting (XSS) flaw in the web-based management interface caused by improper validation of user input. An unauthenticated, remote attacker can lure a user to click a...
CVE-2024-20512 Cisco Unified Contact Center Management Portal Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the...
CVE-2024-20460 Cisco ATA 190 Series Analog Telephone Adapter Firmware Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient validation of user input...
CVE-2024-6380
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-6380 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-6380
CVE-2024-6380 is a reflected XSS vulnerability affecting ENOVIA Collaborative Industry Innovator (3DEXPERIENCE R2022x through R2024x). Connected sources confirm the issue targets the product/component (ENOVIA/Collaborative Industry Innovator) via reflective XSS, enabling arbitrary script executio...
CVE-2024-20475
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based...
CVE-2024-7736
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-7737
CVE-2024-7737 is a stored XSS vulnerability in 3DSwym (3DSwymer) affecting 3DEXPERIENCE R2022x through R2024x. The issue stems from storing/scriptable input that can execute arbitrary script code in a user’s browser session, enabling an attacker to perform actions or exfiltrate data within an aut...
CVE-2024-7736
The CVE-2024-7736 entry affects ENOVIA Collaborative Industry Innovator (3DEXPERIENCE R2022x through R2024x). The issue is a reflected Cross-site Scripting (XSS) vulnerability exploiting a JavaScript/script rendering pathway in the browser, enabling arbitrary script execution in a user session. T...
Security Updates for Microsoft Dynamics 365 (on-premises) (September 2024)
The Microsoft Dynamics 365 (on-premises) is missing security updates. It is, therefore, affected by a cross-site scripting (XSS) vulnerability. The vulnerability exists due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, ...