7 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2023-20058
Cisco Unified Intelligence Center is affected by a reflected XSS in its web-based management interface. The issue arises from inadequate input validation, allowing an unauthenticated, remote attacker to lure a user into clicking a crafted link, which could execute arbitrary script code in the int...
CVE-2023-20061
Cisco Unified Intelligence Center (CUIC) is affected by CVE-2023-20061 (and related CVE-2023-20062 per Cisco advisory) where an authenticated, remote attacker could either access sensitive information or perform a server-side request forgery (SSRF) due to deficiencies in REST API output handling ...
CVE-2023-20062
CVE-2023-20062 concerns Cisco Unified Intelligence Center. The described issues allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) against an affected system. The root cause is described in connected advisories as improper inpu...
CVE-2021-1395
CVE-2021-1395 concerns the web-based management interface of Cisco Unified Intelligence Center, where a reflected XSS vulnerability exists due to improper input validation. An unauthenticated, remote attacker could lure a user to click a crafted link, potentially executing arbitrary script in the...
CVE-2018-0444
CVE-2018-0444 affects Cisco Packaged Contact Center Enterprise across the web-based management interface. The vulnerability is a stored XSS caused by insufficient validation of user-supplied input. An unauthenticated, remote attacker can lure a user to click a crafted link, potentially executing ...
CVE-2018-0445
Cisco Packaged Contact Center Enterprise (PCCE) web-based management interface is affected by a CSRF vulnerability due to insufficient protections. An unauthenticated, remote attacker could entice a user to follow a crafted link and perform arbitrary actions on the device with the user’s privileg...