1098 matches found
CVE-2021-1130 Cisco DNA Center Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface...
CVE-2021-1130
Cisco DNA Center suffers a Cross-Site Scripting (XSS) vulnerability in its web-based management interface. The flaw arises from improper validation of user-supplied input, enabling an authenticated attacker to lure a user into clicking a crafted link, which could allow execution of arbitrary scri...
CVE-2021-1246 Cisco Finesse OpenSocial Gadget Editor Unauthenticated Access Vulnerability
Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP OpenSocial Gadget Editor Unauthenticated Access Vulnerability. A vulnerability in the web management interface of Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP could allow an unauthenticated, remote...
CVE-2021-1239
CVE-2021-1239 refers to multiple stored XSS vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC). An authenticated, remote attacker could lure a user to click a crafted link, triggering arbitrary script execution or access to browser data due to inadequ...
CVE-2021-1212
Cisco Small Business RV110W/RV130/RV130W/RV215W routers contain web-based management interface input validation vulnerabilities that require valid administrator credentials to exploit. An authenticated attacker could send crafted HTTP requests to execute arbitrary code as root or cause a device r...
CVE-2021-1208
The CVE-2021-1208 entry concerns Cisco Small Business RV110W, RV130, RV130W, and RV215W routers. The issue stems from improper validation in the web-based management interface, allowing an authenticated, remote attacker with valid administrator credentials to execute arbitrary code as root or cau...
CVE-2021-1208 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...
CVE-2021-1206
Cisco Small Business RV110W/RV130/RV130W/RV215W routers suffer multiple vulnerabilities in the web-based management interface due to improper input validation. An authenticated attacker with valid admin credentials could exploit crafted HTTP requests to execute arbitrary code as root or cause a d...
CVE-2021-1189
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...
Cross site request forgery (csrf)
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the...
CVE-2020-29254
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the...
CVE-2020-29254
CVE-2020-29254 affects TikiWiki 21.2, where templates can be edited without CSRF protection due to insufficient safeguards on the web-based management interface. This enables an unauthenticated, remote attacker to lure a user into a malicious link and perform arbitrary actions with the user’s pri...
Cisco Identity Services Engine Cross-Site Scripting (cisco-sa-ise-xxs-pkjCmq9d)
According to its self-reported version, Cisco Identity Services Engine Software is affected by a cross-site scripting (XSS) vulnerability. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An authenticated, remote attacker could...
CVE-2020-3586
A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface...
CVE-2020-3586
Cisco DNA Spaces Connector exposes a vulnerability in its web-based management interface that allows unauthenticated remote command execution due to insufficient input validation. A crafted HTTP request can run arbitrary OS commands with the web app’s privileges, potentially impacting integrity a...
Cisco SD-WAN vManage Software Authorization Bypass (cisco-sa-vmanuafw-ZHkdGGEy)
According to its self-reported version, Cisco SD-WAN vManage is affected by an authentication bypass vulnerability in its web-based management interface due to insufficient authorization checks. An authenticated, remote attacker can exploit this, by sending specially crafted HTTP requests, to...
CVE-2020-3590
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate...
CVE-2020-3587 Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate...
CVE-2020-3579 Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properl...
CVE-2020-3515
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation o...