
644 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-28623

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00396
Exploits: 0 | References: 1
CVE
added 2025/10/01 4:12 p.m. | 7 views

CVE-2025-20357

CVE-2025-20357 is a stored XSS vulnerability in Cisco Cyber Vision Center’s web-based management interface. The issue arises from insufficient input validation in the interface, allowing an authenticated attacker with access to the Reports page (valid admin credentials) to inject malicious script...

CVSS 5.4 | AI score 5.9 | EPSS 0.00033
Exploits: 0 | References: 1 | Affected Software: 1
GithubExploit
added 2025/09/05 1:23 p.m. | 342 views

xss-security-scanner

XSS Security Scanner A professional web-based XSS vulnerabili...

AI score 6.5
Exploits: 0
Cvelist
added 2025/09/03 5:40 p.m. | 4 views

CVE-2025-20280 Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This...

CVSS 4.8 | EPSS 0.00041
Exploits: 0 | References: 1
NVD
added 2025/08/27 5:15 p.m. | 2 views

CVE-2025-20342

A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is...

CVSS 5.4 | EPSS 0.00044
Exploits: 0 | References: 1
GithubExploit
added 2025/08/27 4:36 p.m. | 183 views

graph-rag-poc

Graph RAG Pipeline - Proof of Concept A locally-executable Gr...

AI score 7.4
Exploits: 0
RedhatCVE
added 2025/08/16 5:25 p.m. | 3 views

CVE-2025-20235

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of...

CVSS 6.1 | AI score 6.3 | EPSS 0.00024
Exploits: 0 | References: 1
CVE
added 2025/08/14 4:31 p.m. | 16 views

CVE-2025-20302

CVE-2025-20302: Cisco Secure FMC Software’s web-based management interface contains a missing authorization check that could let an authenticated, low-privileged, remote attacker retrieve a generated report from a different domain managed on the same FMC instance. The attacker could directly acc...

CVSS 4.3 | AI score 7 | EPSS 0.00063
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/08/14 4:31 p.m. | 5 views

CVE-2025-20302 Cisco Secure Firewall Management Center Software Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this...

CVSS 4.3 | EPSS 0.00063
Exploits: 0 | References: 1
CVE
added 2025/08/14 4:28 p.m. | 21 views

CVE-2025-20148

CVE-2025-20148 affects Cisco Secure Firewall Management Center (FMC) Web UI. The flaw arises from improper validation of user-supplied data, enabling an authenticated attacker (requires at least a Security Analyst, Read Only) to inject arbitrary HTML into device-generated documents. Consequences ...

CVSS 8.5 | AI score 6.9 | EPSS 0.00081
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/05/23 10:46 a.m. | 5 views

CVE-2024-20459

A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlying operating system. This vulnerability is...

CVSS 7.2 | AI score 7.9 | EPSS 0.00234
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 9:36 a.m. | 7 views

CVE-2024-20277

A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of...

CVSS 8 | AI score 8.2 | EPSS 0.00175
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 7:49 a.m. | 4 views

CVE-2024-20504

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface...

CVSS 5.4 | AI score 5.8 | EPSS 0.00192
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 7:49 a.m. | 3 views

CVE-2024-20507

A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of sensitive information within the web-based management interface of...

CVSS 6.5 | AI score 6.2 | EPSS 0.00427
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 9:50 p.m. | 4 views

CVE-2022-20632

A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate...

CVSS 6.1 | AI score 6.7 | EPSS 0.00444
Exploits: 0 | References: 1
NVD
added 2025/04/23 5:16 p.m. | 10 views

CVE-2025-2771

BEC Technologies Multiple Routers Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 5.3 | EPSS 0.00121
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 1:13 a.m. | 15 views

CVE-2024-20378

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management...

CVSS 7.5 | AI score 7.2 | EPSS 0.00797
Exploits: 0 | References: 1
Cisco
added 2025/01/08 4:0 p.m. | 13 views

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient validation of...

CVSS 5.4 | AI score 5.3 | EPSS 0.00098
Exploits: 0 | References: 1
Cvelist
added 2024/11/18 4:2 p.m. | 15 views

CVE-2020-3420 Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of...

CVSS 5.4 | EPSS 0.00128
Exploits: 0 | References: 2
Vulnrichment
added 2024/11/18 4:2 p.m. | 10 views

CVE-2020-3431 Cisco Small Business RV Series Routers Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and Cisco Small Business RV042G Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based...

CVSS 6.1 | AI score 6 | EPSS 0.0009
Exploits: 0 | References: 1