CVE-2022-40183 Reflected Cross Site Scripting (XSS) in VIDEOJET multi 4000
An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross-site scripting (XSS) in the web-based interface. An attacker with knowledge of the encoder address can send a crafted link to a user, which will execute JavaScript code in the context of the user...
PT-2022-25265 · Unknown · Videojet Multi 4000
Name of the Vulnerable Software and Affected Versions: VIDEOJET multi 4000 (affected versions not specified). Description: The issue concerns incomplete filtering of JavaScript code in different configuration fields of the web-based interface. An attacker with administrative credentials can store...
Tacitine Firewall EN6200 Access Control Error Vulnerability
Tacitine Firewall EN6200 is a series of firewalls from Tacitine. The Tacitine Firewall EN6200 suffers from an Access Control Error vulnerability that stems from improper session management in Tacitine's web-based management interface. An unauthenticated, remote attacker could exploit the...
Session fixation
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 inclusive, due to improper session management in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this...
CVE-2022-40630 Improper Session Management Vulnerability in Tacitine Firewall
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 inclusive, due to improper session management in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this...
CVE-2022-23696
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information...
CVE-2022-23693
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information...
CVE-2022-37882
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...
CVE-2022-37881
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...
CVE-2022-23685
A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated attacker to execute arbitrary input against these endpoints if the attacker can...
CVE-2022-23696
The vulnerability CVE-2022-23696 affects the web-based management interface of Aruba ClearPass Policy Manager. An authenticated remote attacker could exploit SQL injection to obtain and modify data in the underlying database, potentially leading to complete compromise of the ClearPass Policy Man...
CVE-2022-37878
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...
CVE-2022-20869
A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management...
Input validation
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
CVE-2022-20903
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
Cisco Unified Communications Manager Arbitrary File Read (cisco-sa-ucm-file-read-qgjhEc3A)
The version of Cisco Unified Communications Manager (Unified CM) is affected by a vulnerability in its web-based management interface that allows an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to improper...
CVE-2022-20813 Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...
Cisco Unified Communications Products Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could...
CVE-2022-20667
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient...