Cisco Data Center Network Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability is due to insufficient input validation by the...

Cisco Data Center Network Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of the affected software. The vulnerability exists because the...

CVE-2020-3461 Cisco Data Center Network Manager Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of the web-based...

CVE-2020-3460

Cisco Data Center Network Manager (DCNM) web-based management interface is affected by an unauthenticated XSS vulnerability (CVE-2020-3460). The issue stems from improper validation of user-supplied input, allowing an attacker to inject malicious data into an HTTP header to execute script code in...

CVE-2020-3150

A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. The vulnerability is due to improper...

Sql injection

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted...

CVE-2020-3450

Cisco Vision Dynamic Signage Director is affected by CVE-2020-3450 via the web-based management interface. The issue is a SQL injection caused by improper validation of user-submitted parameters, exploitable by an authenticated attacker with administrative credentials. Successful exploitation cou...

CVE-2020-3437 Cisco SD-WAN vManage Software Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this...

CVE-2020-3406 Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the web-based management interface does not...

Cisco Data Center Network Manager Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient...

CVE-2020-3282 Cisco Unified Communications Products Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to...

CVE-2020-3340 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to...

CVE-2020-3297 Cisco Small Business Smart and Managed Switches Session Management Vulnerability

A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface. The attacker could obtain the...

CVE-2020-3297 Cisco Small Business Smart and Managed Switches Session Management Vulnerability

A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface. The attacker could obtain the...

Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of...

Stack overflow

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected...

CVE-2020-3268

The CVE-2020-3268 entry corresponds to multiple command-injection vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers. An authenticated, administrative user could execute arbitrary commands via the web UI. Cisco has publis...

Unauthorized access vulnerability in zabbix management platform

zabbix is a WEB-based interface to provide distributed system monitoring and network monitoring capabilities of enterprise-class open source solutions . An unauthorized access vulnerability exists in the zabbix management platform, which can be exploited by attackers to obtain sensitive informati...

Cisco IOS XE Software Web UI Command Injection (cisco-sa-webui-cmdinj-zM283Zdw)

According to its self-reported version, Cisco IOS XE Software is affected by a Web UI Command Injection vulnerability. The vulnerability exists in the web-based user interface due to improper validation of specific HTTP requests. An authenticated, remote attacker can exploit this, to inject IOS...

CVE-2020-3233

A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based Local Manager interface of an affected device. The attacker must have...