VYPR

Cisco Systems, Inc.

All CVEs

7,106 total · sorted by risk
  • CVE-2018-0196 · Med · Mar 28, 2018
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that…

  • CVE-2017-6777 · Med · Aug 17, 2017
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could…

  • CVE-2017-6690 · Med · Jun 13, 2017
    risk 0.32 · cvss 4.9 · epss 0.01

    A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726.…

  • CVE-2017-6668 · Med · Jun 13, 2017
    risk 0.32 · cvss 4.9 · epss 0.01

    Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648.…

  • CVE-2017-3886 · Med · Apr 7, 2017
    risk 0.32 · cvss 4.9 · epss 0.02

    A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user…

  • CVE-2026-20199 · Med · May 20, 2026
    risk 0.31 · cvss 4.7 · epss 0.00

    A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insufficient validation of user-supplied…

  • CVE-2026-43659 · Med · May 11, 2026
    risk 0.31 · cvss 4.7 · epss 0.00

    A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data.

  • CVE-2026-20132 · Med · Apr 15, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against…

  • CVE-2026-20060 · Med · Apr 15, 2026
    risk 0.31 · cvss 4.7 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could…

  • CVE-2026-20090 · Med · Apr 1, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input.…

  • CVE-2026-20089 · Med · Apr 1, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input.…

  • CVE-2026-20088 · Med · Apr 1, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input.…

  • CVE-2026-20087 · Med · Apr 1, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input.…

  • CVE-2026-20091 · Med · Feb 25, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to…

  • CVE-2026-20109 · Med · Jan 21, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack…

  • CVE-2026-20055 · Med · Jan 21, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack…

  • CVE-2025-20355 · Med · Nov 13, 2025
    risk 0.31 · cvss 4.7 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An…

  • CVE-2025-43280 · Med · Oct 15, 2025
    risk 0.31 · cvss 4.7 · epss 0.00

    The issue was resolved by not loading remote images. This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode.

  • CVE-2025-20361 · Med · Oct 1, 2025
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS)…

  • CVE-2025-20307 · Med · Jul 2, 2025
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient…

  • CVE-2025-20279 · Med · Jun 4, 2025
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This…

  • CVE-2025-20267 · Med · May 21, 2025
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of…

  • CVE-2025-20223 · Med · May 7, 2025
    risk 0.31 · cvss 4.7 · epss 0.00

    A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insufficient enforcement of…

  • CVE-2025-20216 · Med · May 7, 2025
    risk 0.31 · cvss 4.7 · epss 0.00

    A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user. This vulnerability is due to improper sanitization of input to the…

  • CVE-2025-20137 · Med · May 7, 2025
    risk 0.31 · cvss 4.7 · epss 0.00

    A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the…

  • CVE-2025-20203 · Med · Apr 2, 2025
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an…

  • CVE-2025-20116 · Med · Feb 26, 2025
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input…

  • CVE-2025-20205 · Med · Feb 5, 2025
    risk 0.31 · cvss 4.8 · epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to…

  • CVE-2025-20204 · Med · Feb 5, 2025
    risk 0.31 · cvss 4.8 · epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to…

  • CVE-2025-20180 · Med · Feb 5, 2025
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. …

  • CVE-2025-20126 · Med · Jan 8, 2025
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not…

  • CVE-2025-20123 · Med · Jan 8, 2025
    risk 0.31 · cvss 4.8 · epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist…

  • CVE-2022-20634 · Med · Nov 15, 2024
    risk 0.31 · cvss 4.7 · epss 0.01

    A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to…

  • CVE-2024-20539 · Med · Nov 6, 2024
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate…

  • CVE-2024-20534 · Med · Nov 6, 2024
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against…

  • CVE-2024-20533 · Med · Nov 6, 2024
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against…

  • CVE-2024-20415 · Med · Oct 23, 2024
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is…

  • CVE-2024-20409 · Med · Oct 23, 2024
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is…

  • CVE-2024-20403 · Med · Oct 23, 2024
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due…

  • CVE-2024-20386 · Med · Oct 23, 2024
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This…

  • CVE-2024-20364 · Med · Oct 23, 2024
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability…

  • CVE-2024-20300 · Med · Oct 23, 2024
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due…

  • CVE-2024-20298 · Med · Oct 23, 2024
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due…

  • CVE-2024-20269 · Med · Oct 23, 2024
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due…

  • CVE-2024-20264 · Med · Oct 23, 2024
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due…

  • CVE-2024-20510 · Med · Sep 25, 2024
    risk 0.31 · cvss 4.7 · epss 0.00

    A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before…

  • CVE-2024-20479 · Med · Aug 7, 2024
    risk 0.31 · cvss 4.8 · epss 0.00

    A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management…

  • CVE-2024-20400 · Med · Jul 17, 2024
    risk 0.31 · cvss 4.7 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could…

  • CVE-2024-20296 · Med · Jul 17, 2024
    risk 0.31 · cvss 4.7 · epss 0.00

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin…

  • CVE-2024-20405 · Med · Jun 5, 2024
    risk 0.31 · cvss 4.8 · epss 0.01

    A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific…

Page 80 of 143