17 matches found
CVE-2022-20647
Cisco Security Manager’s web-based management interface contains cross-site scripting vulnerabilities caused by insufficient input validation. An unauthenticated, remote attacker could lure a user to click a crafted link to execute arbitrary script code within the interface or access browser-base...
CVE-2022-20635
CVE-2022-20635 refers to multiple cross-site scripting vulnerabilities in the web-based management interface of Cisco Security Manager. The flaws arise from insufficient validation of user-supplied input, allowing an unauthenticated, remote attacker to persuade a user to click a crafted link and ...
CVE-2022-20641
CVE-2022-20641 affects Cisco Security Manager’s web-based management interface. The vulnerabilities stem from insufficient input validation, enabling an unauthenticated attacker to perform cross-site scripting by tricking a user into clicking a crafted link. Impact described: execution of arbitra...
CVE-2022-20642
CVE-2022-20642 refers to multiple cross-site scripting vulnerabilities in Cisco Security Manager’s Web-based management interface. The root cause is insufficient validation/handling of user-supplied input, allowing an unauthenticated, remote attacker to lure a user into clicking a crafted link an...
CVE-2022-20637
CVE-2022-20637 affects Cisco Security Manager web-based management interface. Multiple cross-site scripting vulnerabilities arise from insufficient validation of user-supplied input. An unauthenticated, remote attacker could entice a user to click a crafted link, potentially allowing execution of...
CVE-2022-20645
CVE-2022-20645 concerns Cisco Security Manager. The issue is cross-site scripting via the web-based management interface caused by inadequate input validation. An unauthenticated, remote attacker can lure a user to click a crafted link to execute arbitrary script code in the interface context or ...
CVE-2022-20643
CVE-2022-20643 involves multiple cross-site scripting vulnerabilities in Cisco Security Manager’s web-based management interface, caused by insufficient validation of user input. An unauthenticated, remote attacker could lure a user into clicking a crafted link to execute arbitrary script code in...
CVE-2022-20638
CVE-2022-20638 affects the web-based management interface of Cisco Security Manager. The issue is cross-site scripting due to insufficient validation of user-supplied input, allowing an unauthenticated, remote attacker to induce a user to click a crafted link and potentially execute arbitrary scr...
CVE-2022-20644
CVE-2022-20644 refers to multiple cross-site scripting vulnerabilities in Cisco Security Manager’s web-based management interface. Root cause: insufficient validation of user-supplied input. Exploitation requires convincing a user to click a crafted link, enabling an unauthenticated, remote attac...
CVE-2022-20639
Cisco Security Manager’s web-based management interface contains cross-site scripting vulnerabilities due to insufficient input validation. An unauthenticated remote attacker could lure a user to click a crafted link to execute arbitrary script code in the interface’s context or access browser-ba...
CVE-2019-12630
Cisco Security Manager (CSM) is affected by CVE-2019-12630 due to insecure Java deserialization, enabling unauthenticated remote command execution via a malicious serialized object sent to a listener. The vulnerability permits execution of arbitrary commands on the device with casuser privileges....
CVE-2022-20646
Cisco Security Manager’s web-based management interface contains cross-site scripting vulnerabilities due to insufficient input validation. An unauthenticated, remote attacker could persuade a user to click a crafted link and potentially execute arbitrary script code within the interface or acces...
CVE-2022-20636
Multiple cross-site scripting vulnerabilities affect the web-based management interface of Cisco Security Manager (CSM). The issues arise from insufficient input validation, allowing an unauthenticated, remote attacker to lure a user into clicking a crafted link and execute arbitrary script code ...
CVE-2008-3820
Cisco Security Manager 3.1 and 3.2 (prior to 3.2.2) is affected. When Cisco IPS Event Viewer (IEV) is launched, the server and client open remotely accessible TCP ports for the MySQL/IEV services, allowing unauthenticated remote access to the IEV database and server and potentially root-level ope...
CVE-2022-20640
CVE-2022-20640 affects Cisco Security Manager’s web-based management interface. The issue is cross-site scripting due to insufficient validation of user input, allowing unauthenticated attackers to entice users to click a crafted link and potentially execute arbitrary script code or access browse...
CVE-2015-0594
Cisco Common Services (used by Cisco Prime LAN Management Solution and Cisco Security Manager) contains cross-site scripting (XSS) vulnerabilities in the help pages. The root cause is insufficient input validation of some parameters used by the help page system, allowing remote attackers to trigg...
CVE-2013-5488
Cisco Common Services (used in Cisco Prime LMS, Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager) fails to properly interact with ActiveMQ, allowing an unauthenticated remote attacker to cause memory-based DoS by opening multiple concurrent TCP sessions....