CVE-2020-3261 Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based managemen...
CVE-2019-16010 Cisco SD-WAN Solution vManage Stored Cross-Site Scripting Vulnerability
A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software. The vulnerability is due to insufficient validation of...
Cisco Prime Collaboration Provisioning Information Disclosure (cisco-sa-prim-collab-disclo-FAnX4DKB)
According to its self-reported version, Cisco Prime Collaboration Provisioning is affected by an information disclosure vulnerability in the web-based management interface because replies from the web-based management interface include unnecessary server information. An unauthenticated, remote...
CVE-2020-3157 Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied...
CVE-2020-3157
Cisco ISE (Identity Services Engine) web-based management interface is vulnerable to Cross-Site Scripting (XSS) due to insufficient validation of user-supplied input. An authenticated attacker with write permissions can craft and save a malicious configuration, enabling script execution in the ad...
CVE-2020-3193
CVE-2020-3193 concerns Cisco Prime Collaboration Provisioning; the web-based management interface reveals unnecessary server information in responses, allowing unauthenticated remote attackers to obtain details about the OS and web server version. Root cause: information disclosure via standard i...
CVE-2020-3193 Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to obtain sensitive information about an affected device. The vulnerability exists because replies from the web-based management interface include...
CVE-2020-3192
CVE-2020-3192 affects Cisco Prime Collaboration Provisioning web-based management interface. Root cause: insufficient validation of user-supplied input enabling cross-site scripting (XSS). An unauthenticated, remote attacker could entice a user to click a crafted link to execute arbitrary script ...
CVE-2020-3192 Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied...
Cisco Application Policy Infrastructure Controller Web-Based Management Interface Cross-Site Scripting Vulnerability (cisco-sa-20190501-apic-xss)
According to its self-reported version, Cisco Application Policy Infrastructure Controller (APIC) is affected by the following vulnerability: a vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker t...
SQL injection
A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this...
CVE-2020-3114 Cisco Data Center Network Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based...
CVE-2020-3159 Cisco Finesse Web-Based Management Interface Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of...
Cisco Data Center Network Manager Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of...
Missing XML Validation in PAN-OS Web Interface
Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than...
CVE-2019-15253 Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is...
Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass (cisco-sa-20200122-fmc-auth)
According to its self-reported version, Cisco Firepower Management Center is affected by an authentication bypass vulnerability in the web-based management interface. This is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker...
Authentication flaw
A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management interface. An attacker cou...