CVE-2019-1956 Cisco SPA112 2-Port Phone Adapter Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of the Cisco SPA112 2-Port Phone Adapter could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against another user of the device. The vulnerability is due to insufficient validation of user-supplied input by the...

CVE-2019-1956

Cisco SPA112 2-Port Phone Adapter has a stored XSS vulnerability in its web-based configuration interface caused by insufficient validation of user input. An authenticated, remote attacker could inject malicious script via a configuration field, potentially executing in the context of the affecte...

CVE-2019-1946

CVE-2019-1946 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) web-based management interface. The issue is an authentication bypass in the web interface due to an incorrect authentication implementation. An unauthenticated, remote attacker could access the web UI, view limited config...

Cisco SPA112 2-Port Phone Adapter Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of the Cisco SPA112 2-Port Phone Adapter could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against another user of the device. The vulnerability is due to insufficient validation of user-supplied input by the...

Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficien...

CVE-2019-1931

Cisco Firepower Management Center (FMC) RSS dashboard suffers cross-site scripting (XSS) due to insufficient input validation in the web-based management interface. The flaws allow an unauthenticated, remote attacker to lure a user into clicking a crafted link, enabling arbitrary script execution...

CVE-2019-1621

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacke...

CVE-2019-1875

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by...

CVE-2019-1874

A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protection mechanisms on the...

CVE-2019-1632

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

Design/Logic Flaw

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by...

CVE-2019-1874 Cisco Prime Service Catalog Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protection mechanisms on the...

CVE-2019-1875 Cisco Prime Service Catalog Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by...

CVE-2019-1875 Cisco Prime Service Catalog Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by...

CVE-2019-1632 Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...

CVE-2019-1820

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network EPN Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to...

Input validation

A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters handled by the web-based management interface. An attacker could...

PT-2019-2150 · Cisco · Cisco Evolved Programmable Network Manager +1

Name of the Vulnerable Software and Affected Versions: Cisco Prime Infrastructure affected versions not specified Cisco Evolved Programmable Network Manager affected versions not specified Description: The issue is related to improper validation of user-supplied input in the web-based management...