CVE-2019-16003
CVE-2019-16003 affects the web-based management interface of Cisco UCS Director. A flaw in the authentication logic could allow an unauthenticated, remote attacker to download system log files generated by an administrator by sending a crafted request to the web interface. The vulnerability stems from h...
CVE-2019-16024
Cisco Crosswork Change Automation web-based management interface is vulnerable to cross-site scripting (XSS) due to insufficient input validation. An unauthenticated, remote attacker could entice a user to click a crafted link, potentially executing arbitrary script in the user’s browser or acces...
CVE-2019-16024 Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to...
CVE-2019-16015
CVE-2019-16015 affects Cisco Data Center Analytics Framework (DCAF), specifically the web-based management interface. The issue is a reflected cross-site scripting (XSS) vulnerability caused by insufficient validation of user-supplied input. An unauthenticated, remote attacker could lure a u...
CVE-2020-3129 Cisco Unity Connection Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker...
CVE-2020-3129
CVE-2020-3129 describes a stored cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco Unity Connection Software. The issue arises from insufficient input validation in the interface, allowing an authenticated, remote attacker to supply crafted data that can be s...
CVE-2020-3136
CVE-2020-3136 refers to a cross-site scripting vulnerability in Cisco Jabber Guest’s web-based management interface. The issue arises from improper validation of user-supplied input, enabling an unauthenticated, remote attacker to persuade a user to click a malicious link and execute script code ...
Cisco Firepower Threat Defense Software WebVPN XSS (cisco-sa-20191002-asa-xss)
A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Firepower Threat Defense Software (FTD) allows an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
CVE-2019-15994
A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient...
CVE-2019-15990
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An...
CVE-2019-15972
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. ...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability...
CVE-2019-15968 Cisco Unified Communications Domain Manager Persistent Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability...
CVE-2019-15968
Cisco Unified Communications Domain Manager (CUCDM) web-based management interface is affected by a cross-site scripting (XSS) vulnerability caused by insufficient input validation. An authenticated remote attacker could lure a user to click a crafted link, enabling arbitrary script execution in ...
CVE-2019-15972
CVE-2019-15972 affects Cisco Unified Communications Manager (CUCM) Web Management Interface. The issue stems from improper validation of SQL values, enabling an authenticated, remote attacker to perform SQL injection and modify or retrieve data from the underlying database. Cisco indicates softwa...
CVE-2019-15994 Cisco Stealthwatch Enterprise Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient...
CVE-2019-15973 Cisco Industrial Network Director Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected application. The vulnerability is due to insufficient validati...
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
According to its self-reported version, Cisco Identity Services Engine Software is affected by a vulnerability. A cross-site scripting (XSS) vulnerability exists in the web-based management interface of Cisco Identity Services Engine (ISE) Software that could allow an authenticated, remote attacker to...
CVE-2019-15281
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have...
CVE-2019-15251
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An...