CVE-2022-20645 Cisco Security Manager Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

CVE-2022-20644 Cisco Security Manager Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

CVE-2022-20641

CVE-2022-20641 affects Cisco Security Manager’s web-based management interface. The vulnerabilities stem from insufficient input validation, enabling an unauthenticated attacker to perform cross-site scripting by tricking a user into clicking a crafted link. Impact described: execution of arbitra...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...

CVE-2021-40131 Cisco Common Services Platform Collector Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...

Cisco Prime Infrastructure Stored XSS (cisco-sa-pi-epnm-xss-U2JK537j)

The version of Cisco Prime Infrastructure installed on the remote host is prior to 3.10. It is, therefore, affected by a stored cross-site scripting XSS vulnerability in its web-based management interface due to improper validation of user-supplied input before returning it to users. An...

Cisco Unified Communications Manager Path Traversal (cisco-sa-cucm-path-trav-dKCvktvO)

According to its self-reported version, the Self Care Portal of Cisco Unified Communications Manager Unified CM is affected by a path traversal vulnerability in its web-based management interface due to a failure to properly validate user input. An authenticated, remote attacker can exploit this,...

CVE-2021-1500

A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit th...

CVE-2021-34701 Cisco Unified Communications Products Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, and Cisco Unity Connection could...

CVE-2021-34731 Cisco Prime Access Registrar Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Access Registrar could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently...

CVE-2021-34739 Cisco Small Business Series Switches Session Credentials Replay Vulnerability

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This...

CVE-2021-34739 Cisco Small Business Series Switches Session Credentials Replay Vulnerability

A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This...

CVE-2021-34784 Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an...

CVE-2021-40120 Cisco Small Business RV Series Routers Command Injection Vulnerability

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. This...

CVE-2021-40120 Cisco Small Business RV Series Routers Command Injection Vulnerability

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. This...

CVE-2021-40112 Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network PON Series Switches Optical Network Terminal ONT could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol i...

CVE-2021-34773 Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P could allow an unauthenticated,...

Cisco TelePresence Management Suite Stored XSS (cisco-sa-tms-xss-CwjZJSQc)

According to its self-reported version, Cisco TelePresence Management Suite is affected by a stored cross-site scripting XSS vulnerability in its web-based management interface due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can...

CVE-2021-34789

A vulnerability in the web-based management interface of Cisco Tetration could allow an authenticated, remote attacker to perform a stored cross-site scripting XSS attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently validate...

CVE-2021-34736

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the...