1098 matches found
CVE-2023-20204
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface...
CVE-2023-20204
Cisco BroadWorks CommPilot Application Software exposes a cross-site scripting (XSS) vulnerability in its web-based management interface. It stems from improper validation of user input, exploitable when a user is persuaded to click a crafted link, potentially allowing arbitrary script execution ...
Cisco BroadWorks CommPilot Application Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface...
CVE-2023-35978
A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context...
Cross-site scripting
A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context...
CVE-2023-35978 Reflected Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface
A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context...
CVE-2023-35971 Unauthenticated Stored Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface
A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in...
PT-2023-3313 · Cisco · Cisco Secure Web Appliance +3
Name of the Vulnerable Software and Affected Versions: Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance affected versions not specified
Description: The issue exists due to inadequate protection of the web page structure in...
Cisco Identity Services Engine 3.x < 3.2P1 Arbitrary File Download (cisco-sa-ise-file-dwnld-Srcdnkd2)
According to its self-reported version, Cisco Identity Services is affected by a vulnerability in the web-based management interface. These allow an authenticated, remote attacker to download arbitrary files from the file system of an affected device. These vulnerabilities are due to insufficient...
Cisco DNA Center Privilege Escalation (cisco-sa-dnac-privesc-QFXe74RS)
The version of Cisco DNA Center installed on the remote host is prior to 2.3.3.6 or is 2.3.4.x. It is, therefore, affected by a privilege escalation vulnerability. Due to unintended exposure of sensitive information in the web-based management interface, an authenticated remote attacker can inspe...
CVE-2023-20077
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker cou...
SQL injection
A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validat...
Input validation
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker cou...
Cisco Smart Software Manager On-Prem SQL Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validat...
Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers XSS Vulnerabilities (cisco-sa-rv-stored-xss-vqz7gC8W)
According to its self-reported version, Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities is affected by multiple vulnerabilities: - Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042,...
Cisco Prime Infrastructure Multiple Vulnerabilities (cisco-sa-pi-epnm-eRPWAXLe)
The version of Cisco Prime Infrastructure installed on the remote host is prior to 3.7.1, 3.8.1, 3.9.1 or 3.10.2. It is, therefore, affected by multiple vulnerabilities as referenced in the cisco-sa-pi-epnm-eRPWAXLe advisory: - An information disclosure vulnerability in the web-based management...
CVE-2023-20096
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of user-supplied data. An attacke...
Cross-site request forgery (CSRF)
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For mor...
CVE-2023-20138 Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due t...