Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-30 | CVE-2017-12356 | Cross-site Scripting vulnerability in Cisco Jabber 10.5(2)/11.9(1) A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2017-11-30 | CVE-2017-12355 | Improper Input Validation vulnerability in Cisco IOS XR 6.4.1Base A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. | 5.0 |
| 2017-11-30 | CVE-2017-12354 | Information Exposure vulnerability in Cisco Secure Access Control System 5.8(0.32) A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. | 5.0 |
| 2017-11-30 | CVE-2017-12353 | Unspecified vulnerability in Cisco Asyncos A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. | 5.0 |
| 2017-11-30 | CVE-2017-12351 | Exposure of Resource to Wrong Sphere vulnerability in Cisco Nx-Os 7.0(3)I7(1)/8.1(0)Bd(0.20) A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. | 4.6 |
| 2017-11-30 | CVE-2017-12347 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.2(1) Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 4.3 |
| 2017-11-30 | CVE-2017-12346 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.2(1) Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 4.3 |
| 2017-11-30 | CVE-2017-12345 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.2(1) Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 4.3 |
| 2017-11-30 | CVE-2017-12344 | Open Redirect vulnerability in Cisco Data Center Network Manager 10.2(1) Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 5.8 |
| 2017-11-30 | CVE-2017-12343 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.3(1)S3 Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 6.5 |