24 matches found
CVE-2026-7958
Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...
EUVD-2019-10259
Malware in sbrugna...
CVE-2024-20281
A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF...
CVE-2022-20735 Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...
Cisco Webex Player Memory Corruption Vulnerability Vulnerability (cisco-sa-webex-player-kxtkFbnR)
The version of Cisco Webex Network Recording Player and Cisco Webex Player installed on the remote host is affected by a remote code execution vulnerability due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format ARF or th...
Input validation
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex...
The vulnerability in the implementation of the Page.downloadBehavior backend of the Google Chrome browser allows a hacker to persuade users to install a malicious extension.
The vulnerability of the PagedownloadBehavior implementation in Google Chrome’s browser lies in the lack of restrictions on file downloads. Exploiting this vulnerability can allow a malicious actor to persuade a user to install a malicious extension through a specially created HTML page...
CVE-2019-1881 Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Industrial Network Director IND could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
Cisco Tetration Analytics Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for t...
Cisco Meeting Server Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the...
CVE-2018-0365
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
Cross site request forgery (csrf)
A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Manager CallManager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of the web interface of the affected software. The vulnerability is due to insufficient CSRF...
Cisco Access Control Server File Inclusion Vulnerability
A vulnerability in Cisco Access Control Server ACS could allow an unauthenticated, remote attacker to perform a file inclusion attack. The vulnerability is due to improper input validation of certain parameters passed to an affected device. An attacker could exploit this vulnerability by convinci...
Cisco Finesse Server Cross-Site Scripting Vulnerability
A vulnerability in Cisco Finesse Server could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks. The vulnerability is due to improper input validation of certain parameters passed via HTTP GET or POST methods to an affected device. An unauthenticated, remote...
Cisco Broadcast Access Center for Telco and Wireless Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of the Cisco Broadcast Access Center for Telco and Wireless BAC-TW could allow an unauthenticated, remote attacker to perform a cross-site request forgery CSRF attack against the Cisco BAC-TW web interface. The vulnerability is due to insufficient CSRF...
Cisco SocialMiner Cross-Site Scripting Vulnerability
A vulnerability in the bookmarklet.jsp page of Cisco SocialMiner could allow an unauthenticated, remote attacker to send a malicious script to an unsuspecting user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by convincing the user of th...
Cisco Secure Access Control System Help Index Cross-Site Scripting Vulnerability
A vulnerability in the Access Control System Help index page of Cisco Access Control System ACS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input...