VYPR

Vendor CVEs

Cisco Systems, Inc.

All CVEs

7,177 total · sorted by risk
  • CVE-2018-0242MedApr 19, 2018
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in the WebVPN web-based management interface of Cisco Adaptive Security Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The…

  • CVE-2018-0190MedMar 28, 2018
    risk 0.40cvss 6.1epss 0.01

    Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to…

  • CVE-2018-0188MedMar 28, 2018
    risk 0.40cvss 6.1epss 0.01

    Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to…

  • CVE-2018-0186MedMar 28, 2018
    risk 0.40cvss 6.1epss 0.01

    Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to…

  • CVE-2018-0223MedMar 8, 2018
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in DesktopServlet in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to…

  • CVE-2018-0219MedMar 8, 2018
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in the web-based management interface of Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The…

  • CVE-2018-0212MedMar 8, 2018
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The…

  • CVE-2018-0144MedMar 8, 2018
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in the web-based management interface of Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The…

  • CVE-2018-0206MedFeb 22, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The…

  • CVE-2018-0205MedFeb 22, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to improper input validation. An attacker could exploit this…

  • CVE-2018-0199MedFeb 22, 2018
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of script in attributes in a web page.…

  • CVE-2018-0145MedFeb 22, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The…

  • CVE-2018-0129MedFeb 8, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The…

  • CVE-2018-0128MedFeb 8, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The…

  • CVE-2018-0098MedJan 18, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet (PoE) and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote attacker to conduct a cross-site…

  • CVE-2018-0097MedJan 18, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An…

  • CVE-2018-0093MedJan 18, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The…

  • CVE-2018-0091MedJan 18, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) cross-site scripting (XSS) attack against a user of the web-based management interface of an…

  • CVE-2017-12308MedJan 18, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient…

  • CVE-2017-12307MedJan 18, 2018
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to…

  • CVE-2018-0118MedJan 11, 2018
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The…

  • CVE-2017-12366MedNov 30, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the…

  • CVE-2017-12356MedNov 30, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The…

  • CVE-2017-12347MedNov 30, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a…

  • CVE-2017-12346MedNov 30, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a…

  • CVE-2017-12344MedNov 30, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a…

  • CVE-2017-12323MedNov 16, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The…

  • CVE-2017-12322MedNov 16, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The…

  • CVE-2017-12321MedNov 16, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The…

  • CVE-2017-12320MedNov 16, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The…

  • CVE-2017-12304MedNov 16, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device. The…

  • CVE-2017-12292MedNov 16, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The…

  • CVE-2017-12291MedNov 16, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The…

  • CVE-2017-12290MedNov 16, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The…

  • CVE-2017-12283MedNov 2, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device, aka Denial of Service. The vulnerability exists…

  • CVE-2017-12282MedNov 2, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service…

  • CVE-2017-12298MedOct 19, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the…

  • CVE-2017-12296MedOct 19, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to…

  • CVE-2017-12288MedOct 19, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to insufficient validation…

  • CVE-2017-12272MedOct 19, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input…

  • CVE-2017-12265MedOct 5, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device,…

  • CVE-2017-12258MedOct 5, 2017
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML…

  • CVE-2017-12257MedOct 5, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation…

  • CVE-2017-12254MedSep 21, 2017
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters…

  • CVE-2017-12248MedSep 21, 2017
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to…

  • CVE-2017-6789MedSep 7, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The…

  • CVE-2017-12220MedSep 7, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The…

  • CVE-2017-12212MedSep 7, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input…

  • CVE-2017-6788MedAug 17, 2017
    risk 0.40cvss 6.1epss 0.01

    The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to…

  • CVE-2017-6776MedAug 17, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of…

Page 61 of 144