Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager UCM could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based...

CVE-2019-15994

Cisco Stealthwatch Enterprise Web UI contains an XSS vulnerability (CVE-2019-15994) due to insufficient input validation in the web-based management interface. An unauthenticated, remote attacker could entice a user to click a crafted link, enabling arbitrary script execution in the user’s browse...

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. ...

CVE-2019-15269

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. These vulnerabilities are due to insufficient...

CVE-2019-15268

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. These vulnerabilities are due to insufficient...

CVE-2019-15247

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters ATAs could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An...

Design/Logic Flaw

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters ATAs could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to unsafe handling of user credentials. An attacker could explo...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to insufficient...

Cross site request forgery (csrf)

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the...

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. These vulnerabilities are due to insufficient...

Input validation

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters ATAs could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An...

CVE-2019-15280 Cisco Firepower Management Center Software Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to insufficient...

CVE-2019-15270 Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of...

CVE-2019-12718 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplie...

CVE-2019-12718 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplie...

Cisco Firepower Management Center Multiple SQLi (cisco-sa-20191002-fmc-sql-inj)

According to its self-reported version, Cisco Firepower Management Center is affected by multiple SQL injection SQLi vulnerabilities in the web-based management interface. These vulnerabilities exist due to improper validation of user-supplied input. A low-privileged, remote attacker can exploit...

CVE-2019-15272

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HT...

CVE-2019-1915

A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition SME, Cisco Unified Communications Manager IM and Presence Unified CM IM&P Service, and Cisco Unity Connection could allow an unauthenticated, remote...

CVE-2019-12713

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient...

CVE-2019-12716

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The...