1098 matches found

Cvelist
added 2020/10/21 6:37 p.m., 19 views

CVE-2020-3599 Cisco Adaptive Security Appliance Software Web-Based Management Interface Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interfac...

CVSS 6.1, AI score 6, EPSS 0.00823
Exploits 0, References 1

Cvelist
added 2020/10/21 6:35 p.m., 17 views

CVE-2020-3515 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation o...

CVSS 4.8, AI score 6, EPSS 0.00765
Exploits 0, References 1

Cisco
added 2020/10/21 4:00 p.m., 35 views

Cisco Adaptive Security Appliance Software Web-Based Management Interface Reflected Cross-Site Scripting Vulnerability

Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software "fs" section of this advisory. See the Cisco Adaptive Security Appliance Software...

CVSS 6.1, AI score 6.1, EPSS 0.00823
Exploits 0, References 1

NVD
added 2020/10/08 5:15 a.m., 23 views

CVE-2020-3589

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the...

CVSS 4.8, EPSS 0.00609
Exploits 0, References 1

NVD
added 2020/10/08 5:15 a.m., 19 views

CVE-2020-3598

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific section of the web-bas...

CVSS 6.5, EPSS 0.00935
Exploits 0, References 1

Prion
added 2020/10/08 5:15 a.m., 11 views

Design/Logic Flaw

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific section of the web-bas...

CVSS 6.4, AI score 6.4, EPSS 0.00935
Exploits 0, References 1, Affected Software 1

Cvelist
added 2020/10/08 4:20 a.m., 25 views

CVE-2020-3536 Cisco SD-WAN vManage Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly...

CVSS 6.4, AI score 5.3, EPSS 0.00618
Exploits 0, References 1

NVD
added 2020/09/23 1:15 a.m., 24 views

CVE-2019-15963

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of...

CVSS 6.5, EPSS 0.00936
Exploits 0, References 1

Prion
added 2020/09/23 1:15 a.m., 24 views

Input validation

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system. When processed, the commands will be executed wit...

CVSS 9, AI score 7.2, EPSS 0.03246
Exploits 0, References 1, Affected Software 6

Prion
added 2020/09/23 1:15 a.m., 17 views

Cross site scripting

A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed...

CVSS 3.5, AI score 5, EPSS 0.00622
Exploits 0, References 1, Affected Software 1

CVE
added 2020/09/23 12:27 a.m., 67 views

CVE-2019-15963

The CVE-2019-15963 vulnerability affects Cisco Unified Communications Manager’s web-based management interface. It arises from insufficient protection of user-supplied input, enabling an authenticated, remote attacker to view restricted portions of the software configuration and potentially acces...

CVSS 6.5, AI score 5.4, EPSS 0.00936
Exploits 0, References 1, Affected Software 1

Cvelist
added 2020/09/23 12:27 a.m., 18 views

CVE-2019-15963 Cisco Unified Communications Manager Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of...

CVSS 4.3, AI score 6.5, EPSS 0.00936
Exploits 0, References 1

Vulnrichment
added 2020/09/23 12:26 a.m., 7 views

CVE-2019-16025 Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed...

CVSS 5.5, AI score 6.1, EPSS 0.00622
Exploits 0, References 1

Cvelist
added 2020/09/23 12:26 a.m., 30 views

CVE-2019-16028 Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper handling...

CVSS 9.8, AI score 10, EPSS 0.0335
Exploits 0, References 1

CVE
added 2020/09/23 12:26 a.m., 77 views

CVE-2019-16028

Cisco Firepower Management Center (FMC) web-based management interface is affected by CVE-2019-16028. The issue stems from improper handling of LDAP authentication responses from an external server, allowing an unauthenticated, remote attacker to bypass authentication and gain administrative acce...

CVSS 10, AI score 10, EPSS 0.0335
Exploits 0, References 1, Affected Software 1

CVE
added 2020/09/23 12:25 a.m., 74 views

CVE-2020-3137

CVE-2020-3137 affects Cisco Email Security Appliance (ESA) web-based management interface. The issue is a Cross-Site Scripting (XSS) vulnerability caused by insufficient validation of user-supplied input in the web UI. An unauthenticated, remote attacker could lure a user to click a malicious lin...

CVSS 6.1, AI score 6, EPSS 0.0084
Exploits 0, References 1, Affected Software 1

Tenable Nessus
added 2020/09/18 12:00 a.m., 29 views

Cisco Data Center Network Manager Cross-Site Request Forgery (cisco-sa-20200219-dcnm-csrf)

According to its self-reported version, Cisco Data Center Network Manager is prior to version 11.31 and is, therefore, affected by a cross-site request forgery vulnerability in the web-based management interface. An unauthenticated, remote attacker could exploit this vulnerability by persuading a...

CVSS 8.8, AI score 8, EPSS 0.00566
Exploits 0, References 3

CVE
added 2020/09/17 7:49 p.m., 80 views

CVE-2020-13260

The CVE-2020-13260 entry concerns RAD SecFlow-1v web-based management interface (SF_0290_2.3.01.26). A vulnerability allows an authenticated attacker to upload a JavaScript file as a stored XSS payload, which is saved in the system as an OVPN config or a static key file. The payload executes when...

CVSS 6.1, AI score 6.8, EPSS 0.01982
Exploits 5, References 3, Affected Software 1

Cvelist
added 2020/09/17 7:49 p.m., 18 views

CVE-2020-13260

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as th...

AI score 7, EPSS 0.01982
Exploits 5, References 3

Tenable Nessus
added 2020/09/17 12:00 a.m., 24 views

Cisco Data Center Network Manager Stored Cross-Site Scripting (cisco-sa-20200219-dcnm-xss)

According to its self-reported version, Cisco Data Center Network Manager is prior to version 11.31 and is, therefore, affected by a cross-site scripting vulnerability in the web-based management interface due to insufficient validation of user-supplied input. An attacker could exploit this...

CVSS 5.4, AI score 5.5, EPSS 0.00628
Exploits 0, References 4