Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-3561

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-21 Oct, 2020 | 18:41
Updated At-13 Nov, 2024 | 17:46
Rejected At-
Credits

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN CRLF Injection Vulnerability

A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to conduct a CRLF injection attack, adding arbitrary HTTP headers in the responses of the system and redirecting the user to arbitrary websites.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:21 Oct, 2020 | 18:41
Updated At:13 Nov, 2024 | 17:46
Rejected At:
â–¼CVE Numbering Authority (CNA)
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN CRLF Injection Vulnerability

A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to conduct a CRLF injection attack, adding arbitrary HTTP headers in the responses of the system and redirecting the user to arbitrary websites.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Adaptive Security Appliance (ASA) Software
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
CWECWE-93CWE-93
Type: CWE
CWE ID: CWE-93
Description: CWE-93
Metrics
VersionBase scoreBase severityVector
3.04.7MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Version: 3.0
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-crlf-inj-BX9uRwSn
vendor-advisory
x_refsource_CISCO
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-crlf-inj-BX9uRwSn
Resource:
vendor-advisory
x_refsource_CISCO
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-crlf-inj-BX9uRwSn
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-crlf-inj-BX9uRwSn
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:21 Oct, 2020 | 19:15
Updated At:16 Aug, 2023 | 16:17

A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to conduct a CRLF injection attack, adding arbitrary HTTP headers in the responses of the system and redirecting the user to arbitrary websites.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Secondary3.04.7MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Type: Secondary
Version: 3.0
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches

Cisco Systems, Inc.
cisco
>>adaptive_security_appliance>>Versions before 9.6.4.35(exclusive)
cpe:2.3:a:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>firepower_threat_defense>>Versions before 6.3.0.6(exclusive)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>firepower_threat_defense>>Versions from 6.4.0(inclusive) to 6.4.0.10(exclusive)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>firepower_threat_defense>>Versions from 6.5.0(inclusive) to 6.5.0.5(exclusive)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>firepower_threat_defense>>Versions from 6.6.0(inclusive) to 6.6.1(exclusive)
cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>Versions from 9.8.0(inclusive) to 9.8.4.20(exclusive)
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>Versions from 9.9.0(inclusive) to 9.9.2.80(exclusive)
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>Versions from 9.10.0(inclusive) to 9.10.1.43(exclusive)
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>Versions from 9.12.0(inclusive) to 9.12.3.9(exclusive)
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>Versions from 9.13.0(inclusive) to 9.13.1.10(exclusive)
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>adaptive_security_appliance_software>>Versions from 9.14.0(inclusive) to 9.14.1.10(exclusive)
cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-74Primarynvd@nist.gov
CWE-93Secondaryykramarz@cisco.com
CWE ID: CWE-74
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-93
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-crlf-inj-BX9uRwSnykramarz@cisco.com
Vendor Advisory
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-crlf-inj-BX9uRwSn
Source: ykramarz@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

626Records found

CVE-2019-1680
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.41% / 69.45%
||
7 Day CHG~0.00%
Published-07 Feb, 2019 | 21:00
Updated-21 Nov, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Webex Business Suite Content Injection Vulnerability

A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious URL. A successful exploit could allow the attacker to inject arbitrary text into the user's browser. The attacker could use the content injection to conduct spoofing attacks. Versions prior than 3.0.9 are affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-webex_business_suitewebex_meetings_onlineCisco Webex Business Suite
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2020-26081
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.79% / 51.84%
||
7 Day CHG~0.00%
Published-18 Nov, 2020 | 17:40
Updated-13 Nov, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IoT Field Network Director Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information on an affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-iot_field_network_directorCisco IoT Field Network Director (IoT-FND)
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2019-15259
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.06% / 60.34%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 19:06
Updated-21 Nov, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unified Contact Center Express HTTP Response Splitting Vulnerability

A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request on an affected device. A successful exploit could allow the attacker to perform cross-site scripting attacks, web cache poisoning, access sensitive browser-based information, and similar exploits.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_contact_center_expressCisco Unified Contact Center Express
CWE ID-CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2025-20216
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.28% / 19.72%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 17:18
Updated-29 Jul, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Catalyst SD-WAN Manager Reflected HTML Injection Vulnerability

A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user. This vulnerability is due to improper sanitization of input to the web interface. An attacker could exploit this vulnerability by convincing an authenticated user to click a malicious link. A successful exploit could allow the attacker to inject HTML into the browser of an authenticated Cisco Catalyst SD-WAN Manager user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_sd-wan_managerCisco Catalyst SD-WAN Manager
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2022-20772
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.55% / 41.78%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 19:32
Updated-25 Oct, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_email_and_web_manageremail_security_appliance_firmwareemail_security_appliancesecure_email_and_web_manager_firmwareCisco Secure Email and Web ManagerCisco Secure Email
CWE ID-CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2020-3246
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.90% / 55.30%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 16:41
Updated-15 Nov, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Umbrella Carriage Return Line Feed Injection Vulnerability

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to the browser of the user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-umbrellaCisco Umbrella
CWE ID-CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2014-2192
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.15% / 62.94%
||
7 Day CHG~0.00%
Published-20 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj43033.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_web_and_e-mail_interaction_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-2147
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.48% / 70.71%
||
7 Day CHG~0.00%
Published-12 Feb, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuj42444.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_infrastructuren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2114
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.81% / 75.93%
||
7 Day CHG+0.02%
Published-04 Apr, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-emergency_respondern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-2118
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.81% / 75.93%
||
7 Day CHG+0.02%
Published-27 Mar, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_security_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-2116
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.84% / 76.35%
||
7 Day CHG+0.02%
Published-04 Apr, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-emergency_respondern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2193
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.96% / 57.13%
||
7 Day CHG~0.00%
Published-20 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_web_and_e-mail_interaction_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2104
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.16% / 63.22%
||
7 Day CHG~0.00%
Published-02 Mar, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_domain_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-2137
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.95% / 56.81%
||
7 Day CHG~0.00%
Published-02 Apr, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-web_security_virtual_applianceweb_security_appliancen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2125
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.15% / 62.94%
||
7 Day CHG~0.00%
Published-02 Apr, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unity_connectionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-2117
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.84% / 76.35%
||
7 Day CHG+0.02%
Published-04 Apr, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-emergency_respondern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2138
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.95% / 56.81%
||
7 Day CHG~0.00%
Published-02 Apr, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-security_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0663
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.49% / 70.92%
||
7 Day CHG~0.00%
Published-10 Jan, 2014 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_access_control_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-0673
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.23% / 80.63%
||
7 Day CHG~0.00%
Published-25 Jan, 2014 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Cisco Video Surveillance 5000 HD IP Dome cameras allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCud10943 and CSCud10950.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-video_surveillance_indoor_fixed_dome_ip_hd_cameran/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-0737
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.71% / 49.06%
||
7 Day CHG~0.00%
Published-22 Feb, 2014 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_ip_phone_7960gn/a
CWE ID-CWE-287
Improper Authentication
CVE-2014-0652
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.23% / 80.63%
||
7 Day CHG~0.00%
Published-08 Jan, 2014 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-context_directory_agentn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-0655
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.51% / 71.40%
||
7 Day CHG~0.00%
Published-08 Jan, 2014 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliancen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0670
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.23% / 80.63%
||
7 Day CHG~0.00%
Published-22 Jan, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-mediasensen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-0723
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.16% / 63.30%
||
7 Day CHG~0.00%
Published-13 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-0735
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.79% / 75.72%
||
7 Day CHG~0.00%
Published-20 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-0739
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.15% / 63.09%
||
7 Day CHG~0.00%
Published-22 Feb, 2014 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliance_softwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2014-0653
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-6.89% / 93.29%
||
7 Day CHG~0.00%
Published-08 Jan, 2014 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliancen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0681
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.43% / 69.74%
||
7 Day CHG~0.00%
Published-29 Jan, 2014 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-identity_services_engine_softwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-0666
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-5.54% / 91.87%
||
7 Day CHG~0.00%
Published-16 Jan, 2014 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-jabbern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-6711
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.06% / 79.00%
||
7 Day CHG~0.00%
Published-14 Dec, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul25540.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_sales_centern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-6698
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.81% / 52.31%
||
7 Day CHG~0.00%
Published-22 Nov, 2013 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wireless_lan_controllern/a
CVE-2013-6969
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.82% / 76.15%
||
7 Day CHG~0.00%
Published-14 Dec, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_training_centern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-6974
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.44% / 70.08%
||
7 Day CHG~0.00%
Published-10 Jan, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_access_control_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-6963
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.08% / 79.24%
||
7 Day CHG~0.00%
Published-14 Dec, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_training_centern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5504
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.49% / 70.92%
||
7 Day CHG~0.00%
Published-30 Sep, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-identity_services_engine_softwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5519
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.16% / 63.30%
||
7 Day CHG~0.00%
Published-03 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wireless_lan_controllern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5548
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.13% / 62.55%
||
7 Day CHG~0.00%
Published-01 Nov, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CVE-2013-5495
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.35% / 68.11%
||
7 Day CHG~0.00%
Published-16 Sep, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the web framework in the Application Server in Cisco Unified MeetingPlace allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui44681.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_meetingplacen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5505
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.32% / 67.50%
||
7 Day CHG~0.00%
Published-30 Sep, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-identity_services_engine_softwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3421
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.93% / 56.30%
||
7 Day CHG~0.00%
Published-12 Jul, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Help index page in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75170.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_access_control_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3396
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.93% / 56.30%
||
7 Day CHG~0.00%
Published-26 Jun, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Content Security Management on Security Management Appliance (SMA) devices allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh24749.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-content_security_management_appliancen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3392
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 37.72%
||
7 Day CHG~0.00%
Published-21 Jun, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco WebEx Social allow remote attackers to hijack the authentication of arbitrary users via unspecified vectors, aka Bug IDs CSCuh10405 and CSCuh10355.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_socialn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-3440
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.16% / 63.31%
||
7 Day CHG~0.00%
Published-23 Jul, 2013 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_operations_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3414
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.10% / 79.46%
||
7 Day CHG~0.00%
Published-25 Jul, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliance_softwareadaptive_security_appliancen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3423
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.93% / 56.30%
||
7 Day CHG~0.00%
Published-12 Jul, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCud75174.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_access_control_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3413
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.94% / 56.65%
||
7 Day CHG~0.00%
Published-04 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh87036.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-identity_services_engine_softwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-2684
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-3.71% / 88.41%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 20:18
Updated-06 Aug, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-linksys_e4200linksys_e4200_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3422
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.93% / 56.30%
||
7 Day CHG~0.00%
Published-12 Jul, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Administration pages in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75165.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_access_control_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-3165
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-8.2||HIGH
EPSS-1.28% / 66.47%
||
7 Day CHG~0.00%
Published-26 Feb, 2020 | 16:45
Updated-15 Nov, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software Border Gateway Protocol MD5 Authentication Bypass Vulnerability

A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device. The vulnerability occurs because the BGP MD5 authentication is bypassed if the peer does not have MD5 authentication configured, the NX-OS device does have BGP MD5 authentication configured, and the NX-OS BGP virtual routing and forwarding (VRF) name is configured to be greater than 19 characters. An attacker could exploit this vulnerability by attempting to establish a BGP session with the NX-OS peer. A successful exploit could allow the attacker to establish a BGP session with the NX-OS device without MD5 authentication. The Cisco implementation of the BGP protocol accepts incoming BGP traffic only from explicitly configured peers. To exploit this vulnerability, an attacker must send the malicious packets over a TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the affected system’s trusted network.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3172tqnexus_93108tc-exnexus_3636c-rnexus_9508nx-osnexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3132c-znexus_3524-xnexus_31108tc-vnexus_9348gc-fxpnexus_3172nexus_9272qnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_9000vnexus_31108pc-vnexus_3524nexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_92304qcnexus_92160yc-xnexus_9504nexus_3048nexus_9372tx-enexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txnexus_3232c_nexus_92300ycnexus_3064nexus_9396pxnexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlCisco NX-OS Software
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2013-1114
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-10.27% / 95.13%
||
7 Day CHG~0.00%
Published-13 Feb, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unity_express_softwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 12
  • 13
  • Next
Details not found