ByteOS

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-6.1||MEDIUM

EPSS-0.16% / 37.82%

7 Day CHG~0.00%

Published-16 Nov, 2017 | 07:00

Updated-20 Apr, 2025 | 01:37

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999.

Product-registered_envelope_service Cisco Registered Envelope Service

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-12345

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.31% / 53.56%

7 Day CHG~0.00%

Published-30 Nov, 2017 | 09:00

Updated-20 Apr, 2025 | 01:37

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.

Product-data_center_network_manager Cisco Data Center Network Manager Software

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-8018

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.30% / 52.54%

7 Day CHG~0.00%

Published-22 Dec, 2014 | 19:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661.

Product-unified_communications_domain_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-34738

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-6.1||MEDIUM

EPSS-0.53% / 66.08%

7 Day CHG~0.00%

Published-21 Oct, 2021 | 02:50

Updated-07 Nov, 2024 | 21:47

Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

Vendor-Cisco Systems, Inc.

Product-identity_services_engine Cisco Identity Services Engine Software

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-8021

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.28% / 50.75%

7 Day CHG~0.00%

Published-03 Feb, 2015 | 22:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149.

Product-hostscan_engine anyconnect_secure_mobility_client n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-8026

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.26% / 48.74%

7 Day CHG~0.00%

Published-23 Dec, 2014 | 02:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco Jabber allows remote attackers to inject arbitrary web script or HTML via a (1) GET or (2) POST parameter, aka Bug ID CSCus08074.

Product-jabber_guest n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-8030

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.33% / 55.23%

7 Day CHG~0.00%

Published-09 Jan, 2015 | 02:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381.

Product-webex_meetings_server n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3289

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.66% / 70.17%

7 Day CHG~0.00%

Published-10 Jun, 2014 | 10:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888.

Product-email_security_appliance_firmware web_security_appliance content_security_management_appliance ironport_asyncos n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3367

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.34% / 56.00%

7 Day CHG~0.00%

Published-20 Sep, 2014 | 10:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq90524.

Product-cisco_nexus_1000v_intercloud n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3324

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.56% / 67.30%

7 Day CHG~0.00%

Published-26 Jul, 2014 | 10:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060.

Product-telepresence_server_software n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3373

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.50% / 64.89%

7 Day CHG~0.00%

Published-31 Oct, 2014 | 10:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550.

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3313

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.50% / 64.89%

7 Day CHG~0.00%

Published-09 Jul, 2014 | 10:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.

Product-spa_508g_8-line_ip_phone spa922_1-line_ip_phone_with_1-port_ethernet spa_509g_12-line_ip_phone spa941_4-line_ip_phone_with_1-port_ethernet spa_525g_5-line_ip_phone spa_301_1_line_ip_phone spa942_4-line_ip_phone_with_2-port_switch spa_502g_1-line_ip_phone spa_525g2_5-line_ip_phone spa962_6-line_ip_phone_with_2-port_switch spa901_1-line_ip_phone spa_512g_1-line_ip_phone spa_514g_4-line_ip_phone spa_504g_4-line_ip_phone spa_303_3_line_ip_phone spa_501g_8-line_ip_phone n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3372

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.44% / 62.36%

7 Day CHG~0.00%

Published-31 Oct, 2014 | 10:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3315

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.36% / 57.18%

7 Day CHG~0.00%

Published-10 Jul, 2014 | 10:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3364

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.28% / 50.91%

7 Day CHG~0.00%

Published-13 Dec, 2014 | 00:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter, aka Bug ID CSCuq80661.

Product-prime_security_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3266

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.31% / 53.54%

7 Day CHG~0.00%

Published-23 May, 2014 | 22:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189.

Product-security_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-2192

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.30% / 52.54%

7 Day CHG~0.00%

Published-20 May, 2014 | 10:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj43033.

Product-unified_web_and_e-mail_interaction_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-2114

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.28% / 50.75%

7 Day CHG~0.00%

Published-04 Apr, 2014 | 15:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384.

Product-emergency_responder n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-8022

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.29% / 52.34%

7 Day CHG~0.00%

Published-15 Jan, 2015 | 22:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776.

Product-identity_services_engine_software n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0724

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.26% / 49.45%

7 Day CHG~0.00%

Published-15 May, 2015 | 01:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in dncs 7.0.0.12 in Cisco Headend Digital Broadband Delivery System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCur25604.

Product-headend_digital_broadband_delivery_system n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-0668

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.56% / 67.30%

7 Day CHG~0.00%

Published-20 Jan, 2014 | 02:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949.

Product-secure_access_control_system n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-0735

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.28% / 50.75%

7 Day CHG~0.00%

Published-20 Feb, 2014 | 02:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-0680

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.53% / 66.35%

7 Day CHG~0.00%

Published-29 Jan, 2014 | 16:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038.

Product-identity_services_engine n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-0670

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.54% / 66.72%

7 Day CHG~0.00%

Published-22 Jan, 2014 | 02:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686.

Product-mediasense n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-6963

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.36% / 57.33%

7 Day CHG~0.00%

Published-14 Dec, 2013 | 22:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207.

Product-webex_training_center n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-6974

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.42% / 61.06%

7 Day CHG~0.00%

Published-10 Jan, 2014 | 11:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431.

Product-secure_access_control_system n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-6962

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.29% / 52.34%

7 Day CHG~0.00%

Published-14 Dec, 2013 | 22:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228.

Product-webex_meeting_center n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-5495

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.26% / 49.42%

7 Day CHG~0.00%

Published-16 Sep, 2013 | 01:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the web framework in the Application Server in Cisco Unified MeetingPlace allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui44681.

Product-unified_meetingplace n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-5505

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.52% / 65.68%

7 Day CHG~0.00%

Published-30 Sep, 2013 | 10:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275.

Product-identity_services_engine_software n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-5501

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.30% / 52.54%

7 Day CHG~0.00%

Published-20 Sep, 2013 | 16:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328.

Product-mediasense n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3265

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.43% / 61.70%

7 Day CHG~0.00%

Published-20 May, 2014 | 10:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuo06900.

Product-security_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3365

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.28% / 50.75%

7 Day CHG~0.00%

Published-12 Feb, 2015 | 01:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID CSCuo94808.

Product-prime_security_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3374

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.50% / 64.89%

7 Day CHG~0.00%

Published-31 Oct, 2014 | 10:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3329

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.41% / 60.38%

7 Day CHG~0.00%

Published-29 Jul, 2014 | 20:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620.

Product-prime_data_center_network_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3344

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.50% / 64.89%

7 Day CHG~0.00%

Published-28 Aug, 2014 | 01:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq31129, CSCuq31134, CSCuq31137, and CSCuq31563.

Product-transport_gateway_installation_software n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3375

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.53% / 66.35%

7 Day CHG~0.00%

Published-31 Oct, 2014 | 10:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3325

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.40% / 59.66%

7 Day CHG~0.00%

Published-19 Jul, 2014 | 19:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733.

Product-unified_customer_voice_portal n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-2120

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-5.4||MEDIUM

EPSS-80.12% / 99.08%

7 Day CHG~0.00%

Published-19 Mar, 2014 | 01:00

Updated-20 Aug, 2025 | 03:56

Known KEV||Action Due Date - 2024-12-03||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.

Product-adaptive_security_appliance_software n/a adaptive_security_appliance_software Adaptive Security Appliance (ASA)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-2191

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.26% / 49.42%

7 Day CHG~0.00%

Published-07 May, 2014 | 10:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun91113.

Product-broadband_access_center_telco_wireless_software n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-2125

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.32% / 54.59%

7 Day CHG~0.00%

Published-02 Apr, 2014 | 01:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028.

Product-unity_connection n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-2118

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.28% / 50.75%

7 Day CHG~0.00%

Published-27 Mar, 2014 | 21:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687.

Product-prime_security_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-2104

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.32% / 54.59%

7 Day CHG~0.00%

Published-02 Mar, 2014 | 02:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113.

Product-unified_communications_domain_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-2153

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.26% / 48.74%

7 Day CHG~0.00%

Published-12 Feb, 2015 | 01:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun21869.

Product-prime_infrastructure n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-0681

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.71% / 71.26%

7 Day CHG~0.00%

Published-29 Jan, 2014 | 16:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064.

Product-identity_services_engine_software n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-0663

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.56% / 67.30%

7 Day CHG~0.00%

Published-10 Jan, 2014 | 16:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625.

Product-secure_access_control_system n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-0652

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.54% / 66.72%

7 Day CHG~0.00%

Published-08 Jan, 2014 | 21:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358.

Product-context_directory_agent n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-0723

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.29% / 51.58%

7 Day CHG~0.00%

Published-13 Feb, 2014 | 02:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-6711

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.43% / 61.70%

7 Day CHG~0.00%

Published-14 Dec, 2013 | 22:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul25540.

Product-webex_sales_center n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-6960

Matching Score-10

Assigner-Cisco Systems, Inc.

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.50% / 64.89%

7 Day CHG~0.00%

Published-14 Dec, 2013 | 22:00

Updated-11 Apr, 2025 | 00:51

Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248.

Product-webex_meeting_center n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-1407

Matching Score-10

Assigner-Cisco Systems, Inc.