Cross site scripting

An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting XSS in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user...

CVE-2021-23854 Reflected XSS in page parameter

An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting XSS in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected...

CVE-2021-23848

CVE-2021-23848 describes a reflected XSS against the Bosch IP cameras web UI. The issue arises from the URL handling in the camera’s web interface, where an attacker who knows the camera address can send a crafted link that causes the victim’s browser to execute JavaScript in the user’s context. ...

CVE-2021-23848 Reflected XSS in URL handler

An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting XSS in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user...

CVE-2021-1487 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability is due to insufficient validation of user-supplied...

CVE-2021-1555 Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper...

CVE-2021-1254 Cisco Finesse Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

Cisco Firepower Management Center Multiple Stored XSS (cisco-sa-fmc-stored-xss-djKfCzf2)

The version of Cisco Firepower Management Center installed on the remote host is prior to 6.7.0. It is, therefore, affected by multiple vulnerabilities as referenced in the cisco-sa-fmc-stored-xss-djKfCzf2 advisory. Specifically, multiple vulnerabilities in the web-based management interface of...

Design/Logic Flaw

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more informatio...

Cross site scripting

A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the application web-based interface. This vulnerability exists because the API does not properly validate user-supplied...

Cisco BroadWorks Messaging Server XML External Entity Injection Vulnerability

A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service DoS condition on an affected system. This vulnerability is due to improper handlin...

CVE-2021-1456

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation o...

CVE-2021-1456

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation o...

CVE-2021-1455 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation o...

PT-2021-2823 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center FMC Software affected versions not specified Description: The issue is related to insufficient validation of user-supplied input by the web-based management interface, which could allow an unauthenticated,...

CVE-2020-7035

An XML External Entities XXEvulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x...

CVE-2020-7035 XXE in Avaya Aura Orchestration Designer

An XML External Entities XXEvulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x...

CVE-2021-1473

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details...

Authentication flaw

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details...

CVE-2021-1463 Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface do...