7 matches found
CVE-2019-1777
CVE-2019-1777 concerns the Cisco Registered Envelope Service web interface, where insufficient input validation enables an authenticated, remote attacker to perform a cross-site scripting (XSS) attack on another user. Exploitation involves sending a malicious payload via email to a target user, p...
CVE-2017-12323
The CVE-2017-12323 set concerns the Cisco Registered Envelope Service web interface. The connected documents confirm there are multiple XSS and redirect vulnerabilities in the service’s web UI due to insufficient validation of user-supplied input. Affected component: Cisco Registered Envelope Ser...
CVE-2017-12321
The CVE-2017-12321 set concerns Cisco Registered Envelope Service, specifically its web interface. The reported flaws are cross-site scripting (XSS) vulnerabilities caused by insufficient validation of user-supplied input in the web-based management interface. An unauthenticated, remote attacker ...
CVE-2018-0367
The CVE-2018-0367 issue affects the Cisco Registered Envelope Service web-based management interface. Affected component: web-based management interface; vulnerability arises from insufficient validation of user-supplied input, enabling an authenticated, remote attacker to perform cross-site scri...
CVE-2017-12320
Cisco Registered Envelope Service (web interface) contains multiple XSS vulnerabilities due to insufficient input validation. An unauthenticated, remote attacker could entice a user to click a crafted link or send a request to execute arbitrary script in the user’s browser or access browser-based...
CVE-2017-3889
The CVE-2017-3889 entry describes an Open Redirect in the Cisco Registered Envelope Service web interface (cloud-based). The vulnerability stems from improper input validation in the HTTP request parameters, allowing an unauthenticated, remote attacker to redirect users to a malicious URL. Affect...
CVE-2018-15448
Cisco Registered Envelope Service suffers an information-disclosure vulnerability where an insecure configuration enables improper indexing, allowing unauthenticated, remote attackers to discover sensitive user data (e.g., usernames) via search engines. The root cause is misconfiguring indexing o...