Cisco Cloud Services Platform 2100 Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. The vulnerability is due to insufficient input validation of command input. An attacker could exploit this vulnerability by sendi...
CVE-2018-0367
A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to...
CVE-2018-0367
The CVE-2018-0367 issue affects the Cisco Registered Envelope Service web-based management interface. Affected component: web-based management interface; vulnerability arises from insufficient validation of user-supplied input, enabling an authenticated, remote attacker to perform cross-site scri...
Cross-site scripting
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against a user of the web-based management interface of an...
CVE-2018-0413
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
CVE-2018-0408
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...
CVE-2018-0408
Cisco Small Business 300 Series (Sx300) Managed Switches web UI is vulnerable to a reflected XSS due to insufficient input validation. An authenticated attacker could lure a user to click a crafted link, executing arbitrary script code in the UI context or accessing browser-based information. Aff...
CVE-2018-0407
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...
CVE-2018-0407
Cisco Small Business 300 Series (Sx300) Managed Switches web-based management interface is vulnerable to persistent cross-site scripting (XSS) due to insufficient validation of user input. An authenticated, remote attacker could lure a user into clicking a crafted link, allowing arbitrary script ...
CVE-2018-0402
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco Bug IDs: CSCvg70921...
Server-side request forgery (SSRF)
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018...
CVE-2018-0403
CVE-2018-0403 affects Cisco Unified Contact Center Express (Unified CCX) through its web-based management interface. The root cause is the web UI pre-populating the login form password field with previously stored passwords from an internal database, enabling an unauthenticated, remote attacker t...
CVE-2018-0398
CVE-2018-0398 affects Cisco Finesse Web-based management interface. The issue is an unauthenticated SSRF vulnerability (server-side request forgery) that could allow remote attackers to trigger unintended requests from the Cisco Finesse server. The connected sources (Cisco Security Advisory and N...
CVE-2018-0400
CVE-2018-0400 concerns Cisco Unified Contact Center Express (Unified CCX) and its web-based management interface. The connected documents confirm a cross-site scripting (XSS) vulnerability that could be exploited by an unauthenticated, remote attacker who entices a user to click a crafted link, e...
Multiple Vulnerabilities in Cisco Finesse
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack or retrieve a cleartext password from an affected system. For more information about these vulnerabilities, see the...
Multiple Vulnerabilities in Cisco Unified Contact Center Express
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface, conduct a cross-site request forgery (CSRF) attack, or...
CVE-2018-0366
CVE-2018-0366 affects Cisco Web Security Appliance (WSA) and concerns a reflected cross-site scripting (XSS) vulnerability in the web-based management interface caused by insufficient input validation. An unauthenticated, remote attacker could lure a user to click a crafted link, resulting in arb...