Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-22 | CVE-2018-0201 | Cross-site Scripting vulnerability in Cisco Jabber 11.9/11.9(.0) A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. | 5.4 |
| 2018-02-22 | CVE-2018-0200 | Cross-site Scripting vulnerability in Cisco Prime Service Catalog A vulnerability in the web-based interface of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface of an affected product. | 6.1 |
| 2018-02-22 | CVE-2018-0199 | Cross-site Scripting vulnerability in Cisco Jabber 11.9/11.9(0) A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. | 6.1 |
| 2018-02-22 | CVE-2018-0146 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework 3.1 A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 5.4 |
| 2018-02-22 | CVE-2018-0145 | Cross-site Scripting vulnerability in Cisco Data Center Analytics Framework 3.1 A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. | 6.1 |
| 2018-02-08 | CVE-2018-0140 | Forced Browsing vulnerability in Cisco products A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. | 6.5 |
| 2018-02-08 | CVE-2018-0138 | Protection Mechanism Failure vulnerability in Cisco Firepower Threat Defense A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. | 5.3 |
| 2018-02-08 | CVE-2018-0135 | Improper Input Validation vulnerability in Cisco Unified Communications Manager 11.0(1.24075.1) A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. | 4.3 |
| 2018-02-08 | CVE-2018-0134 | Information Exposure Through Discrepancy vulnerability in Cisco Mobility Services Engine 13.0.0/13.1.0 A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. | 5.3 |
| 2018-02-08 | CVE-2018-0129 | Cross-site Scripting vulnerability in Cisco Data Center Analytics Framework 1.0 A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |