
1098 matches found

RedhatCVE
added 2025/02/04 11:6 p.m. · 6 views

CVE-2024-0531

A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible t...

CVSS 8.3 · AI score 7.2 · EPSS 0.01679
Exploits: 1 · References: 1
RedhatCVE
added 2025/02/04 11:2 p.m. · 9 views

CVE-2024-0532

A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects the function setrepeat5 of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapskcrypto24g/wpapskcrypto5g leads to...

CVSS 8.6 · AI score 6.8 · EPSS 0.01761
Exploits: 1 · References: 1
RedhatCVE
added 2025/02/04 10:59 p.m. · 7 views

CVE-2024-0534

A vulnerability classified as critical has been found in Tenda A15 15.13.07.13. Affected is an unknown function of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch...

CVSS 8.3 · AI score 7.2 · EPSS 0.01679
Exploits: 1 · References: 1
Vulnrichment
added 2025/01/08 4:19 p.m. · 11 views

CVE-2025-20166 Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...

CVSS 5.4 · AI score 5.3 · EPSS 0.00357
Exploits: 0 · References: 2
Positive Technologies
added 2025/01/08 12:0 a.m. · 6 views

PT-2025-1022 · Cisco · Cisco Common Services Platform Collector

Name of the Vulnerable Software and Affected Versions: Cisco Common Services Platform Collector CSPC affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to...

CVSS 5.5 · AI score 5.2 · EPSS 0.00276
Exploits: 0 · References: 9
Tenable Nessus
added 2024/12/06 12:0 a.m. · 14 views

Aruba ClearPass Policy Manager <= 6.12.x < 6.12.2 / 6.11.x < 6.11.9 Multiple Vulnerabilities

The version of Aruba ClearPass Policy Manager installed on the remote host is prior or equal to 6.12.2 or 6.11.9. It is, therefore, affected by multiple vulnerabilities as referenced in the HPESBNW04761 advisory. - A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based...

CVSS 8.8 · AI score 7 · EPSS 0.00742
Exploits: 0 · References: 5
Vulnrichment
added 2024/12/03 8:14 p.m. · 12 views

CVE-2024-53672 Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface

A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system...

CVSS 4.7 · AI score 7.6 · EPSS 0.00386
Exploits: 0 · References: 1
Cvelist
added 2024/12/03 8:14 p.m. · 24 views

CVE-2024-53672 Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface

A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system...

CVSS 4.7 · EPSS 0.00386
Exploits: 0 · References: 1
CVE
added 2024/12/03 8:11 p.m. · 71 views

CVE-2024-51773

CVE-2024-51773 affects Hewlett Packard Enterprise Aruba ClearPass Policy Manager web-based management interface. A stored XSS vulnerability allows an authenticated remote attacker to perform actions within the user’s permissions, potentially accessing data, modifying or deleting information, and ...

CVSS 5.4 · AI score 4.8 · EPSS 0.00263
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2024/12/03 8:2 p.m. · 31 views

CVE-2024-51771 Authenticated Remote Code Execution (RCE) via OGNL Injection in HPE Aruba Networking ClearPass Web-Based Management Interface

A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating...

CVSS 7.2 · AI score 8 · EPSS 0.00742
Exploits: 0 · References: 1
Cvelist
added 2024/12/03 8:2 p.m. · 35 views

CVE-2024-51771 Authenticated Remote Code Execution (RCE) via OGNL Injection in HPE Aruba Networking ClearPass Web-Based Management Interface

A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating...

CVSS 7.2 · EPSS 0.00742
Exploits: 0 · References: 1
NVD
added 2024/11/18 4:15 p.m. · 11 views

CVE-2020-3420

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of...

CVSS 5.4 · EPSS 0.00405
Exploits: 0 · References: 2
Vulnrichment
added 2024/11/18 4:2 p.m. · 8 views

CVE-2020-3420 Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of...

CVSS 5.4 · AI score 5.3 · EPSS 0.00405
Exploits: 0 · References: 2
Cvelist
added 2024/11/18 3:40 p.m. · 10 views

CVE-2021-1232 Cisco SD-WAN vManage Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that ...

CVSS 6.5 · EPSS 0.01064
Exploits: 0 · References: 4
NVD
added 2024/11/15 5:15 p.m. · 15 views

CVE-2021-1470

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker cou...

CVSS 4.9 · EPSS 0.01041
Exploits: 0 · References: 3
Cvelist
added 2024/11/15 4:37 p.m. · 12 views

CVE-2021-1481 Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...

CVSS 4.3 · EPSS 0.00818
Exploits: 0 · References: 2
Vulnrichment
added 2024/11/15 4:36 p.m. · 14 views

CVE-2021-1482 Cisco SD-WAN vManage Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. This vulnerability is due to insufficient authorization checks. An...

CVSS 6.4 · AI score 7 · EPSS 0.00608
Exploits: 0 · References: 1
Vulnrichment
added 2024/11/15 4:25 p.m. · 19 views

CVE-2021-1491 Cisco SD-WAN vManage Software Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device. This vulnerability is due to insufficient file scope limiting. An attacker could exploit this...

CVSS 6.5 · AI score 7.1 · EPSS 0.01316
Exploits: 0 · References: 1
Cvelist
added 2024/11/15 4:4 p.m. · 16 views

CVE-2022-20626 Cisco Prime Access Registrar Appliance Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Access Registrar Appliance could allow an authenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. The attacker would require valid credentials for the device. This vulnerability i...

CVSS 5.5 · EPSS 0.00436
Exploits: 0 · References: 1
Tenable Nessus
added 2024/11/08 12:0 a.m. · 9 views

Cisco Prime Infrastructure XSS (cisco-sa-epnmpi-sxss-yyf2zkXs)

The version of Cisco Prime Infrastructure installed on the remote host is 3.10.x prior to 3.10.6. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote...

CVSS 5.4 · AI score 5.2 · EPSS 0.0027
Exploits: 0 · References: 3