1098 matches found
Cisco Firepower Management Center Software XSS Vulnerabilities (cisco-sa-fmc-xss-LATZYzxs)
The version of Cisco Firepower Management Center installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to...
CVE-2022-20935
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...
CVE-2022-20839
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...
CVE-2022-20833
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...
CVE-2022-20932
CVE-2022-20932 involves multiple stored XSS vulnerabilities in the Cisco Firepower Management Center (FMC) web-based management interface. The issues arise from insufficient validation of user-supplied input in data fields, allowing an authenticated, remote attacker to inject script code that run...
CVE-2022-20839
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...
CVE-2022-20838
Cisco Firepower Management Center (FMC) web UI contains stored XSS vulnerabilities due to insufficient input validation. An authenticated, remote attacker could inject crafted input into UI fields to execute arbitrary script in the FMC interface context or access browser-based information, with p...
CVE-2022-20835
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...
CVE-2022-20834
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...
CVE-2022-20941
A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface...
CVE-2022-20963
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. This vulnerability is due to...
CVE-2022-20961
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. This vulnerability is due to...
CVE-2022-20956
Cisco Identity Services Engine (ISE) exposes a vulnerability in its web-based management interface where improper access control could allow an authenticated remote attacker to bypass authorization and access system files. The issue arises from insufficient access controls in the web UI, enabling...
Cisco Identity Services Engine Insufficient Access Control Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF...
Linux kernel access control error vulnerability (CNVD-2022-74085)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to an access control error. A remote attacker could retrieve sensitive information by connecting to a Web-based management interface and requesting URLs...
Cisco Identity Services Engine XSS (cisco-sa-ise-xss-twLnpy3M)
According to its self-reported version, Cisco Identity Services Engine is affected by a cross-site scripting XSS vulnerability due to insufficient input validation in the External RESTful Services ERS API. An attacker could exploit this vulnerability by persuading an authenticated administrator o...