Vulnerabilities > Cisco > Prime Infrastructure > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-18 | CVE-2018-0096 | Incorrect Authorization vulnerability in Cisco Prime Infrastructure 3.2(0.0)/3.3(0.0) A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. | 5.9 |
| 2017-08-17 | CVE-2017-6782 | Code Injection vulnerability in Cisco Prime Infrastructure 3.2(0.0) A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. | 5.4 |
| 2017-07-04 | CVE-2017-6725 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2) A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |
| 2017-07-04 | CVE-2017-6724 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 3.1(0.0) A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |
| 2017-07-04 | CVE-2017-6700 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.0(4.0.45B)/3.1(1) A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2017-07-04 | CVE-2017-6699 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2017-07-04 | CVE-2017-6698 | SQL Injection vulnerability in Cisco Prime Infrastructure 2.0(4.0.45B)/3.1(1) A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. | 5.4 |
| 2017-04-20 | CVE-2017-6611 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2) A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. | 6.1 |
| 2017-04-07 | CVE-2017-3884 | Information Exposure vulnerability in Cisco products A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. | 6.5 |
| 2017-04-07 | CVE-2017-3848 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2)/3.0 A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. | 6.1 |