CVE-2019-12638 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the web-based management interface. The vulnerability is due to insufficient validation of...

CVE-2019-12638 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the web-based management interface. The vulnerability is due to insufficient validation of...

CVE-2019-12637 Cisco Identity Services Engine Multiple Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the web-based management interface. The vulnerabilities are due to insufficient validati...

Cisco SPA100 Series Analog Telephone Adapters Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters ATAs could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the web-based management...

Cisco SPA122 ATA with Router Devices DHCP Services Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface...

Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. These vulnerabilities are due to insufficient...

Adobe Acrobat and Reader CVE-2019-8160 Cross Site Scripting Vulnerability

Description Adobe Acrobat and Reader are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication...

Oracle Java SE/Java SE Embedded CVE-2019-2981 Remote Security Vulnerability

Description Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. The vulnerability can be exploited over Multiple protocols. This issue affects the 'JAXP' component. This vulnerability affects the following supported versions: Java SE: 7u231, 8u221, 11.0.4, 13; Java S...

Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

WordPress Prior to 5.2.4 Multiple Security Vulnerabilities

Description WordPress is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based guest portal of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-suppli...

Cisco IOS XE Software Stored Banner XSS (cisco-sa-20190925-sbxss)

According to its self-reported version, Cisco IOS XE Software is affected by a cross-site scripting vulnerability which allows an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web interface of the affected software using the banner...

Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation...

Cisco Adaptive Security Appliance WebVPN XSS (cisco-sa-20191002-asa-xss)

A vulnerability in the Clientless SSL VPN WebVPN portal of Cisco Adaptive Security Appliance ASA allows an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

Cisco IOS XE Software Stored XSS (cisco-sa-20190925-xss)

According to its self-reported version, Cisco IOS XE Software is affected by a stored cross-site scripting XSS vulnerability in its web framework code. This allows an unauthenticated, remote attacker to conduct stored XSS attacks against a user of the web interface of the affected software. The...

Juniper Junos J-Web CVE-2019-0047 HTML Injection Vulnerability

Description Juniper Junos is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is...

Microsoft Dynamics 365 CVE-2019-1375 Cross Site Scripting Vulnerability

Description Microsoft Dynamics 365 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

Microsoft Internet Explorer and Edge CVE-2019-0608 Spoofing Vulnerability

Description Microsoft Internet Explorer and Edge are prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected...

Microsoft Edge and Internet Explorer CVE-2019-1357 Spoofing Vulnerability

Description Microsoft Edge and Internet Explorer are prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected...

Microsoft Office SharePoint CVE-2019-1070 Cross Site Scripting Vulnerability

Description Microsoft Office SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...