644 matches found
CVE-2020-3233 Cisco IOx Application Framework Local Manager Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based Local Manager interface of an affected device. The attacker must have...
Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates...
CVE-2020-3261
A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based managemen...
CVE-2020-3157
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied...
CVE-2020-3148
Cisco Prime Network Registrar CSRF (CVE-2020-3148) affects the web-based interface due to insufficient CSRF protections. An unauthenticated, remote attacker can entice a user with an active admin session to click a malicious link, potentially changing configuration (including user accounts) and a...
CVE-2020-3185 Cisco TelePresence Management Suite Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient input validati...
CVE-2020-9477
An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vulnerability in the authentication functionality in the web-based interface could allow an unauthenticated remote attacker to capture packets at the time of authentication and gain access to the cleartext password. An attacker...
CVE-2020-3156
A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of endpoint data stored in logs used by the web-based interface. An attacker could...
Cross site scripting
A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of endpoint data stored in logs used by the web-based interface. An attacker could...
CVE-2020-3156
CVE-2020-3156 describes a cross-site scripting vulnerability in the logging component of Cisco Identity Services Engine (ISE). The issue arises from improper validation of endpoint data stored in logs used by the web-based interface, enabling an unauthenticated remote attacker to inject scripts t...
CVE-2020-3156 Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of endpoint data stored in logs used by the web-based interface. An attacker could...
Cisco Data Center Network Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based...
Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability (cisco-sa-20200122-cuc-info-disclosure)
According to its self-reported version, Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by th...
CVE-2019-16024
A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to...
CVE-2019-16015
A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to...
Authorization
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it...
CVE-2019-16005 Cisco Webex Video Mesh Node Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the...
CVE-2019-16015 Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to...
Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based...