Cisco Adaptive Security Appliance Software Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the...
CVE-2019-1722
A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due ...
CVE-2019-1802
Cisco Firepower Management Center (FMC) is affected by CVE-2019-1802: an authenticated, remote attacker can exploit a cross-site scripting (XSS) vulnerability due to insufficient validation of input in the web-based management interface. A successful exploit requires a user to view a report conta...
CVE-2019-1802 Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to...
Cisco Wireless LAN Controller Software Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on the device with the privileges of the user, including modifying...
CVE-2019-1828
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. The vulnerability exists because affected devices use weak encryption algorithms for use...
CVE-2019-1764
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the...
CVE-2019-1707
CVE-2019-1707 affects Cisco DNA Center’s web-based management interface. A stored XSS vulnerability arises from insufficient validation of user-supplied input, exploitable by persuading an authenticated user to click a crafted link. Successful exploitation could execute arbitrary script code in t...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due...
CVE-2019-1670 Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient inpu...
CVE-2019-1670
Cisco Unified Intelligence Center Software contains a web-interface cross-site scripting (XSS) vulnerability (CVE-2019-1670) due to insufficient input validation. An unauthenticated, remote attacker could lure a user into clicking a link, enabling arbitrary requests to be submitted to the affecte...
Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is d...
Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications. Exploit Title: Cisco Firepower Management Center Cross-Site Scripting (XSS) Vulnerability. Exploit Author: Bhushan B. Patil. Exploit DB author ID: 9551. Advisory URL:...
Cisco RV320 Command Injection (CVE-2019-1652)
A command injection vulnerability exists in Cisco RV320 and RV325 routers. An attacker can exploit this vulnerability by sending an authenticated HTTP request to the web-based management interface. An attacker could then gain the ability to arbitrarily execute code on the machine...
CVE-2019-1658
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
CVE-2019-1653 Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit th...
CVE-2019-1658
Cisco Unified Intelligence Center suffers from a CSRF vulnerability due to insufficient protections in its web-based management interface, allowing unauthenticated, remote attackers to induce victims to perform arbitrary actions via a browser with user privileges. Exploitation requires user interaction (phishing-like...
CVE-2019-1652
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper...
CVE-2019-1642
CVE-2019-1642 affects Cisco Firepower Management Center (FMC). The issue is a cross-site scripting (XSS) vulnerability in the web-based management interface caused by insufficient validation of user-supplied input. An unauthenticated, remote attacker could lure a user to click a crafted link, ena...
CVE-2019-1643 Cisco Prime Infrastructure Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient...