Vulnerabilities > Cisco > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-01 | CVE-2018-0407 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 3.5 |
| 2018-08-01 | CVE-2018-0408 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 3.5 |
| 2018-07-18 | CVE-2018-0392 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. | 2.1 |
| 2018-07-16 | CVE-2018-0368 | Unspecified vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.1Base A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. | 2.1 |
| 2018-06-21 | CVE-2018-0359 | Session Fixation vulnerability in Cisco Meeting Server 2.3.0 A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. | 2.1 |
| 2018-06-07 | CVE-2018-0149 | Cross-site Scripting vulnerability in Cisco Integrated Management Controller Supervisor 2.1(0.2)/2.2(0.2) A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 3.5 |
| 2018-06-07 | CVE-2018-0335 | Information Exposure Through Log Files vulnerability in Cisco Prime Collaboration 12.2 A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. | 2.1 |
| 2018-06-07 | CVE-2018-0340 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. | 3.5 |
| 2018-06-07 | CVE-2018-0263 | Insecure Default Initialization of Resource vulnerability in Cisco Meeting Server A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. | 3.3 |
| 2018-05-02 | CVE-2018-0247 | Improper Authentication vulnerability in Cisco products A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. | 3.3 |