Lucene search

644 matches found

NVD
added 2021/11/04 4:15 p.m. · 10 views

CVE-2021-34795

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol i...

CVSS 10 · EPSS 0.00995
Exploits 0 · References 1
Prion
added 2021/11/04 4:15 p.m. · 17 views

Input validation

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. This...

CVSS 9 · AI score 7.2 · EPSS 0.00482
Exploits 0 · References 1 · Affected Software 2
Prion
added 2021/11/04 4:15 p.m. · 13 views

Cross site scripting

A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker...

CVSS 4.3 · AI score 5.9 · EPSS 0.00153
Exploits 0 · References 1 · Affected Software 2
Positive Technologies
added 2021/11/04 12:0 a.m. · 3 views

PT-2021-4960 · Cisco · Cisco Catalyst Pon Series Switches Ont

Name of the Vulnerable Software and Affected Versions: Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT), affected versions not specified
Description: The issue is related to multiple vulnerabilities in the web-based management interface of the Cisco Catalyst...

CVSS 10 · AI score 9.7 · EPSS 0.13669
Exploits 0 · References 4
CVE
added 2021/10/27 6:55 p.m. · 57 views

CVE-2021-34764

CVE-2021-34764 affects Cisco Firepower Management Center (FMC) web-based management interface, with multiple vulnerabilities enabling cross-site scripting (XSS) and open redirect attacks. The root cause is improper input validation of HTTP request parameters in the FMC web interface. Cisco’s advi...

CVSS 6.1 · AI score 5.6 · EPSS 0.00195
Exploits 0 · References 1 · Affected Software 3
CNVD
added 2021/10/25 12:0 a.m. · 12 views

SeedDMS cross-site scripting vulnerability (CNVD-2022-05448)

SeedDMS is a free document management system with an easy-to-use web-based user interface. A cross-site scripting vulnerability exists in the AddEvent.php component in SeedDMS version 6.0.7. The vulnerability can be exploited to inject malicious script code via the name and comment parameters...

CVSS 6.1 · AI score 6 · EPSS 0.00328
Exploits 1 · References 1
Tenable Nessus
added 2021/10/22 12:0 a.m. · 20 views

Cisco Integrated Management Controller GUI DoS (cisco-sa-imc-gui-dos-TZjrFyZh)

According to its self-reported version, Cisco Integrated Management Controller is affected by a denial of service (DoS) vulnerability in its web-based management interface due to insufficient validation of user-supplied input. An unauthenticated, remote attacker can exploit this issue, by sending...

CVSS 7.5 · AI score 7.6 · EPSS 0.00157
Exploits 0 · References 3
Prion
added 2021/10/21 3:15 a.m. · 19 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the...

CVSS 3.5 · AI score 4.9 · EPSS 0.00196
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2021/10/21 2:50 a.m. · 15 views

CVE-2021-34760 Cisco TelePresence Management Suite Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the...

CVSS 4.8 · AI score 5.2 · EPSS 0.00196
Exploits 0 · References 1
VulnCheck KEV
added 2021/10/07 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2021-1472

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details...

CVSS 9.8 · AI score 7.5 · EPSS 0.91292
Exploits 7 · References 1
Prion
added 2021/10/06 8:15 p.m. · 17 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation o...

CVSS 4.3 · AI score 5.9 · EPSS 0.00153
Exploits 0 · References 1 · Affected Software 1
NVD
added 2021/09/23 3:15 a.m. · 14 views

CVE-2021-34712

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...

CVSS 6.5 · EPSS 0.00073
Exploits 0 · References 1
Zero Science Lab
added 2021/09/08 12:0 a.m. · 268 views

ECOA Building Automation System Cookie Poisoning Authentication Bypass

Summary 1 The Risk-Terminator Web Graphic control BEMS (Building Energy Management System) are designed to provide you with the latest in the Human Machine Interface (HMI) technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

CVSS 9.8 · AI score 7.3 · EPSS 0.00488
Exploits 1
CVE
added 2021/08/05 7:23 p.m. · 47 views

CVE-2021-23849

CVE-2021-23849 concerns Bosch IP cameras with a web-based management interface. The vulnerability is CSRF: an unauthenticated attacker can induce actions on behalf of a logged-in user by convincing them to click a malicious link or visit a malicious site, while the victim is authenticated to the ...

CVSS 8.8 · AI score 8.1 · EPSS 0.00181
Exploits 0 · References 1 · Affected Software 1
NVD
added 2021/07/22 4:15 p.m. · 14 views

CVE-2021-1599

A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient input validation of a parameter that is used by the...

CVSS 5.4 · EPSS 0.00323
Exploits 0 · References 1
Prion
added 2021/07/22 4:15 p.m. · 13 views

Path traversal

Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An...

CVSS 5.5 · AI score 7.1 · EPSS 0.00501
Exploits 0 · References 1 · Affected Software 1
NVD
added 2021/07/08 7:15 p.m. · 16 views

CVE-2021-1576

Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to...

CVSS 8.8 · EPSS 0.00185
Exploits 0 · References 1
Prion
added 2021/07/08 7:15 p.m. · 15 views

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not...

CVSS 3.5 · AI score 4.9 · EPSS 0.00297
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2021/07/08 6:30 p.m. · 8 views

CVE-2021-1574 Cisco Business Process Automation Privilege Escalation Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to...

CVSS 8.8 · AI score 6.9 · EPSS 0.01529
Exploits 0 · References 1
Cisco
added 2021/06/16 4:0 p.m. · 47 views

Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not...

CVSS 6.1 · AI score 5.6 · EPSS 0.00438
Exploits 0 · References 1