9 matches found
CVE-2024-20387
CVE-2024-20387 affects Cisco FMC Software (Web-based management interface). The issue is due to improper input sanitization, enabling an authenticated, remote attacker to store malicious content for stored XSS by persuading a user to click a malicious link. Impact is stored XSS on the affected de...
CVE-2024-20410
Cisco Firepower Management Center (FMC) web-based management interface is affected by a cross-site scripting (XSS) vulnerability due to insufficient input validation. The issue allows an unauthenticated, remote attacker to craft input in interface data fields that could execute arbitrary script c...
CVE-2024-20388
Cisco Firepower Management Center (FMC) password-change flow is vulnerable due to improper authentication of password update responses. An unauthenticated, remote attacker could force a password reset and potentially enumerate valid usernames from the unauthenticated response. Affected product: F...
CVE-2024-20415
Cisco Firepower Management Center (FMC) web interface suffers reflected XSS due to insufficient validation of user-supplied input. Affected component is the web-based management UI; exploitation by an unauthenticated, remote attacker could run arbitrary script code in the interface context or acc...
CVE-2024-20379
Cisco Secure Firewall Management Center (FMC) Software contains a vulnerability in its web-based management interface that could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. The issue arises from improper validation of user-supplied input; ...
CVE-2024-20409
CVE-2024-20409 affects Cisco Firepower Management Center (FMC) Web UI. The issue is insufficient validation of user-supplied input in the web-based management interface, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack by inserting crafted input into int...
CVE-2024-20386
The CVE-2024-20386 entry describes stored XSS in the web-based management interface of Cisco Firepower Management Center (FMC) Software due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could inject crafted input into interface data fields to execute scrip...
CVE-2024-20403
CVE-2024-20403 affects Cisco Firepower Management Center (FMC) Software, specifically its web-based management interface. Root cause: insufficient validation of user-supplied input in the interface, enabling a cross-site scripting (XSS) attack. Impact: an authenticated remote attacker could execu...
CVE-2024-20372
Cisco Firepower Management Center (FMC) faces CVE-2024-20372: an unauthenticated, remote attacker can exploit a stored XSS via the web-based management interface due to insufficient input validation. Affected component is the FMC web UI; exploit could run arbitrary script in the interface context...