644 matches found
CVE-2019-1852
A vulnerability in the web-based management interface of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input...
Session fixation
A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. An attacker could use this impersonated...
CVE-2019-1852 Cisco Prime Network Registrar Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input...
CVE-2019-1852 Cisco Prime Network Registrar Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input...
CVE-2019-1724 Cisco Small Business RV320 and RV325 Routers Session Hijacking Vulnerability
A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. An attacker could use this impersonated...
CVE-2019-1802 Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to...
CVE-2019-1777 Cisco Registered Envelope Service Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the...
CVE-2019-1777 Cisco Registered Envelope Service Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the...
CVE-2019-1719 Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web-based guest portal of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied...
Design/Logic Flaw
A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected...
CVE-2018-0382 Cisco Wireless LAN Controller Software Session Hijacking Vulnerability
A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected...
CVE-2018-0382 Cisco Wireless LAN Controller Software Session Hijacking Vulnerability
A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected...
Cisco Registered Envelope Service Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the...
Cisco Wireless LAN Controller Software Session Hijacking Vulnerability
A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected...
PT-2019-2130 · Cisco · Cisco Registered Envelope Service
Name of the Vulnerable Software and Affected Versions: Cisco Registered Envelope Service versions 5.3.4.x Description: The issue is related to insufficient validation of user-supplied input by the web-based interface, allowing an attacker to conduct a cross-site scripting XSS attack. This could...
Cisco Small Business RV320 and RV325 Routers Multiple Vulnerabilities (cisco-sa-20190123-rv-inject, cisco-sa-20190123-rv-info)
According to its self-reported version, this Cisco Small Business RV Series router is affected by multiple vulnerabilities: - A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker wi...
Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Session Initiation Protocol SIP Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack. The vulnerability is due to insufficient CSRF protections for the...
CVE-2019-1707 Cisco DNA Center Access Contract Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of...
Cisco Routers CVE-2019-1663 Remote Command Execution
Description A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device...
CVE-2019-1663 Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The...