Vulnerabilities > Cisco > Firepower Management Center > 2.9.14.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-29 | CVE-2021-1457 | Cross-site Scripting vulnerability in Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
| 2021-04-29 | CVE-2021-1456 | Cross-site Scripting vulnerability in Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
| 2021-01-13 | CVE-2021-1267 | XML Entity Expansion vulnerability in Cisco Firepower Management Center A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 4.0 |
| 2021-01-13 | CVE-2021-1239 | Cross-site Scripting vulnerability in Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system. | 3.5 |
| 2021-01-13 | CVE-2021-1238 | Cross-site Scripting vulnerability in Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system. | 3.5 |
| 2021-01-13 | CVE-2021-1236 | Always-Incorrect Control Flow Implementation vulnerability in multiple products Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. | 5.3 |
| 2021-01-13 | CVE-2021-1224 | Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. | 5.3 |
| 2021-01-13 | CVE-2021-1223 | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. | 7.5 |
| 2021-01-13 | CVE-2021-1126 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Firepower Management Center A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. | 2.1 |
| 2020-10-21 | CVE-2020-3557 | Improper Certificate Validation vulnerability in Cisco Firepower Management Center A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.3 |