Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-4198

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-20 Jun, 2015 | 14:00
Updated At-06 Aug, 2024 | 06:04
Rejected At-
Credits

Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:20 Jun, 2015 | 14:00
Updated At:06 Aug, 2024 | 06:04
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://tools.cisco.com/security/center/viewAlert.x?alertId=39422
vendor-advisory
x_refsource_CISCO
http://www.securityfocus.com/bid/75326
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id/1032676
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://tools.cisco.com/security/center/viewAlert.x?alertId=39422
Resource:
vendor-advisory
x_refsource_CISCO
Hyperlink: http://www.securityfocus.com/bid/75326
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id/1032676
Resource:
vdb-entry
x_refsource_SECTRACK
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://tools.cisco.com/security/center/viewAlert.x?alertId=39422
vendor-advisory
x_refsource_CISCO
x_transferred
http://www.securityfocus.com/bid/75326
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id/1032676
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://tools.cisco.com/security/center/viewAlert.x?alertId=39422
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: http://www.securityfocus.com/bid/75326
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id/1032676
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:20 Jun, 2015 | 14:59
Updated At:06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
Cisco Systems, Inc.
cisco
>>web_security_appliance>>8.5.0-497
cpe:2.3:o:cisco:web_security_appliance:8.5.0-497:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://tools.cisco.com/security/center/viewAlert.x?alertId=39422psirt@cisco.com
Vendor Advisory
http://www.securityfocus.com/bid/75326psirt@cisco.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032676psirt@cisco.com
Third Party Advisory
VDB Entry
http://tools.cisco.com/security/center/viewAlert.x?alertId=39422af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/75326af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1032676af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://tools.cisco.com/security/center/viewAlert.x?alertId=39422
Source: psirt@cisco.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/75326
Source: psirt@cisco.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1032676
Source: psirt@cisco.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://tools.cisco.com/security/center/viewAlert.x?alertId=39422
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/75326
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1032676
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

12655Records found
CVE-2019-15268
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.26% / 49.30%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-21 Nov, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_appliance_8120firepower_management_center_2600_firmwarefirepower_management_center_1000_firmwarefirepower_appliance_7050firesight_management_center_750_firmwarefiresight_management_center_3500_firmwarefiresight_management_center_3500firepower_appliance_8120_firmwarefirepower_appliance_7110_firmwarefirepower_appliance_8130firepower_appliance_8360_firmwarefirepower_appliance_8350_firmwarefirepower_appliance_8260_firmwarefirepower_management_center_virtual_appliance_firmwarefiresight_management_center_750firepower_management_center_2500_firmwarefirepower_management_center_2000firesight_management_center_1500ngips_virtual_appliance_firmwarefirepower_appliance_7125firepower_management_center_4600firepower_appliance_8390_firmwarefirepower_appliance_7020firepower_management_center_4000_firmwarefirepower_appliance_7110firepower_appliance_8370_firmwarefirepower_appliance_7125_firmwarefirepower_appliance_8360firepower_management_center_1600_firmwarefirepower_appliance_8140_firmwarefirepower_appliance_7120firepower_appliance_8270firepower_appliance_7050_firmwarefirepower_management_center_2500firepower_management_center_virtual_applianceamp_7150firepower_appliance_7010_firmwarefirepower_management_center_4500_firmwarefirepower_appliance_8250_firmwarefirepower_management_center_4500firepower_appliance_8270_firmwarefirepower_management_center_2000_firmwarefirepower_appliance_8140firepower_appliance_7030firepower_appliance_8250firepower_appliance_8290firepower_management_center_2600firepower_appliance_7030_firmwarefirepower_management_center_1000firepower_appliance_8390firesight_management_center_1500_firmwarefirepower_management_center_1600amp_8150amp_8150_firmwarefirepower_management_center_4600_firmwarefirepower_appliance_8290_firmwareamp_7150_firmwarefirepower_appliance_7115_firmwarefirepower_appliance_8370firepower_appliance_8350firepower_appliance_7010firepower_appliance_8260firepower_appliance_7120_firmwarefirepower_appliance_8130_firmwarefirepower_appliance_7115firepower_appliance_7020_firmwarefirepower_management_center_4000ngips_virtual_applianceCisco Firepower Management Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-15280
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.26% / 49.30%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 18:36
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Management Center Software Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious code in certain sections of the interface that are visible to other users. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. An attacker would need valid administrator credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Management Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20512
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.45% / 63.70%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 16:17
Updated-04 Aug, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unified Contact Center Management Portal Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_contact_center_management_portalCisco Unified Contact Center Management Portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-20249
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.88%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 20:47
Updated-24 Apr, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_management_suiteCisco TelePresence Management Suite (TMS)telepresence_management_suite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20530
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.52% / 67.03%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 16:30
Updated-20 Nov, 2024 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-20075
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 3.84%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 16:32
Updated-30 Jan, 2026 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-prime_infrastructureevolved_programmable_network_managerCisco Evolved Programmable Network Manager (EPNM)Cisco Prime Infrastructure
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-20102
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 1.21%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 17:52
Updated-16 Apr, 2026 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SAML Reflected Cross-Site Scripting Vulnerability

A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive, browser-based information. This vulnerability is due to insufficient input validation of multiple HTTP parameters. An attacker could exploit this vulnerability by persuading a user to access a malicious link. A successful exploit could allow the attacker to conduct a reflected XSS attack through an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defense_softwareadaptive_security_appliance_softwareCisco Secure Firewall Adaptive Security Appliance (ASA) SoftwareCisco Secure Firewall Threat Defense (FTD) Software
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-20059
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.70%
||
7 Day CHG~0.00%
Published-15 Apr, 2026 | 16:11
Updated-28 Apr, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unity_connectionCisco Unity Connection
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-20111
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 12.86%
||
7 Day CHG~0.00%
Published-04 Feb, 2026 | 16:11
Updated-10 Mar, 2026 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-prime_infrastructureCisco Prime Infrastructure
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-20383
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.10% / 26.17%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 17:59
Updated-08 Aug, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Email and Web Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_email_and_web_manager_m195secure_email_and_web_manager_m380secure_email_and_web_manager_m390secure_email_and_web_manager_m390xsecure_email_and_web_manager_m680secure_email_and_web_manager_m170secure_email_and_web_manager_m395secure_email_and_web_manager_virtual_appliance_m300vsecure_email_and_web_manager_m690secure_email_and_web_manager_m695secure_email_and_web_manager_virtual_appliance_m100vsecure_email_and_web_manager_virtual_appliance_m600vsecure_email_and_web_manager_m190secure_email_and_web_manager_m690xasyncosCisco Secure Email and Web Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-20076
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.02% / 3.84%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 16:32
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-20149
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 17.02%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 17:24
Updated-09 Mar, 2026 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is needed. This vulnerability was due to improper filtering of user-supplied input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to conduct an XSS attack against the targeted user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-webexCisco Webex Meetings
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20488
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.40% / 60.74%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 18:35
Updated-06 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_communications_managerCisco Unified Communications Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20443
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 40.80%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 16:42
Updated-02 Oct, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine SoftwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20475
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.26% / 49.49%
||
7 Day CHG~0.00%
Published-25 Sep, 2024 | 16:19
Updated-03 Oct, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_sd-wan_managerCisco Catalyst SD-WAN Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1476
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 40.36%
||
7 Day CHG~0.00%
Published-22 Aug, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ip_phone_8800ip_phone_8800_series_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20415
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.15% / 35.81%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 17:46
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerfirepower_management_centerCisco Firepower Management Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20487
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.03%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 16:29
Updated-28 Apr, 2025 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabiliy

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20540
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.38% / 59.80%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 16:32
Updated-07 Aug, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unified Contact Center Management Portal Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into a specific page of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. To exploit this vulnerability, the attacker must have at least a Supervisor role on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_contact_center_management_portalCisco Unified Contact Center Management Portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-12667
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 36.28%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:15
Updated-21 Nov, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Stored Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software 16.4.1
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20251
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.07% / 21.76%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 16:55
Updated-21 Oct, 2024 | 11:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20367
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 36.42%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 16:22
Updated-07 May, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_chat_and_emailCisco Enterprise Chat and Email
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20258
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.18% / 38.67%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 17:32
Updated-31 Jul, 2025 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_email_gateway_c690xsecure_email_and_web_manager_m690xsecure_email_gateway_c390secure_email_and_web_manager_m195secure_email_gateway_virtual_appliance_c300vsecure_email_gateway_c690secure_email_and_web_manager_virtual_appliance_m600vsecure_email_gateway_c195secure_email_and_web_manager_m680secure_email_gateway_virtual_appliance_c600vsecure_email_and_web_manager_m690asyncossecure_email_and_web_manager_virtual_appliance_m100vsecure_email_and_web_manager_m695secure_email_and_web_manager_m380secure_email_and_web_manager_m190secure_email_gateway_virtual_appliance_c100vsecure_email_and_web_manager_m390secure_email_and_web_manager_virtual_appliance_m300vsecure_email_and_web_manager_m395secure_email_and_web_manager_m390xsecure_email_and_web_manager_m170secure_email_gateway_c190secure_email_gateway_c395secure_email_gateway_c695Cisco Secure Email and Web ManagerCisco Secure Emailsecure_emailsecure_email_and_web_manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20372
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.17% / 37.75%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 17:29
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerfirepower_management_centerCisco Firepower Management Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20334
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.10%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 16:24
Updated-11 Apr, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_management_suiteCisco TelePresence Management Suite (TMS)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20298
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.10% / 27.83%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 17:08
Updated-31 Oct, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Management Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20346
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.88%
||
7 Day CHG~0.00%
Published-06 Mar, 2024 | 16:33
Updated-22 Jul, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-appdynamics_controllerCisco AppDynamics
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-20273
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.35% / 57.21%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 17:07
Updated-31 Oct, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Management Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6353
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-3.5||LOW
EPSS-0.18% / 39.82%
||
7 Day CHG~0.00%
Published-31 Oct, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firesight_system_softwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6363
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-3.5||LOW
EPSS-0.18% / 39.82%
||
7 Day CHG~0.00%
Published-12 Nov, 2015 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuw88396.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firesight_system_softwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2506
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.16% / 36.71%
||
7 Day CHG~0.00%
Published-28 Jun, 2010 | 18:06
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-linksys_firmwarelinksys_wap54gn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-40121
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 50.75%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 02:50
Updated-07 Nov, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-40131
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 42.95%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 23:50
Updated-07 Nov, 2024 | 21:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Common Services Platform Collector Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by adding malicious code to the configuration by using the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-common_services_platform_collectorCisco Common Services Platform Collector Software
CWE ID-CWE-87
Improper Neutralization of Alternate XSS Syntax
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-20208
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.13% / 31.28%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 16:50
Updated-25 Mar, 2025 | 12:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_management_suiteCisco TelePresence Management Suite (TMS)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2048
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-3.5||LOW
EPSS-0.34% / 56.39%
||
7 Day CHG~0.00%
Published-16 Jul, 2009 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_ip_ivrcustomer_response_applicationsip_qmunified_ip_contact_center_expresscrsunified_ccxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-34731
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.17% / 38.37%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 15:40
Updated-07 Nov, 2024 | 21:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Prime Access Registrar Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Access Registrar could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials. Cisco expects to release software updates that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-prime_access_registrarCisco Prime Access Registrar
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-34759
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.20% / 41.25%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 03:05
Updated-07 Nov, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need valid administrative credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine Software
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-34764
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.19% / 41.09%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 18:55
Updated-07 Nov, 2024 | 21:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Management Center Software Cross-Site Scripting and Open Redirect Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_management_center_virtual_appliancefirepower_threat_defensesourcefire_defense_centerCisco Firepower Management Center
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-0743
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.23% / 45.87%
||
7 Day CHG~0.00%
Published-27 Feb, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_meetingplacen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-20831
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.19% / 40.48%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 17:38
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Management Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-12269
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.36% / 58.44%
||
7 Day CHG~0.00%
Published-05 Oct, 2017 | 07:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web UI of the affected software. An attacker could exploit this vulnerability by injecting XSS content into the web UI of the affected software. A successful exploit could allow the attacker to force a user to execute code of the attacker's choosing or allow the attacker to retrieve sensitive information from the user. Cisco Bug IDs: CSCvf70587, CSCvf70592.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-sparkCisco Spark Messaging
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-12343
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.91% / 76.10%
||
7 Day CHG~0.00%
Published-30 Nov, 2017 | 09:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager Software
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-12358
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 37.95%
||
7 Day CHG~0.00%
Published-30 Nov, 2017 | 09:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79080, CSCvf79088.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-jabberCisco Jabber
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-4542
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.34% / 56.39%
||
7 Day CHG~0.00%
Published-13 Oct, 2008 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store).

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unityn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-20204
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 35.06%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 21:15
Updated-21 Nov, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-broadworks_application_delivery_platformbroadworks_application_serverbroadworks_xtended_services_platformCisco BroadWorks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-20123
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.07% / 20.47%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 16:09
Updated-23 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Crosswork Network Controller Stored Cross-Site Scripting Vulnerability

Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by inserting malicious data into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-crosswork_network_controllerCisco Crosswork Network Change Automation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-12626
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.17% / 37.70%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 18:05
Updated-21 Nov, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unified Contact Center Express Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs valid administrator credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_contact_center_expressCisco Unified Contact Center Express
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-20116
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.07% / 20.47%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 16:11
Updated-31 Jul, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability

A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web UI or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-application_policy_infrastructure_controllerCisco Application Policy Infrastructure Controller (APIC)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-20273
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 19.27%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 16:17
Updated-22 Jul, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting vulnerability

A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_intelligent_contact_management_enterpriseCisco Unified Intelligent Contact Management Enterprise
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-12668
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.18% / 39.50%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-21 Nov, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Stored Banner Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. The vulnerability is due to insufficient input validation of the banner parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by crafting a banner parameter and saving it. The attacker could then convince a user of the web interface to access a malicious link or could intercept a user request for the affected web interface and inject malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS XE Software 3.6.0E
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • ...
  • 12
  • 13
  • 14
  • ...
  • 253
  • 254
  • Next
Details not found