Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-28 | CVE-2023-20028 | Cross-site Scripting vulnerability in Cisco products: Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 5.4 |
2023-06-28 | CVE-2023-20105 | Unspecified vulnerability in Cisco Telepresence Video Communication Server: A vulnerability in the change password functionality of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with Read-only credentials to elevate privileges to Administrator on an affected system. This vulnerability is due to incorrect handling of password change requests. | 6.5 |
2023-06-28 | CVE-2023-20116 | Infinite Loop vulnerability in Cisco Unified Communications Manager: A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. | 5.7 |
2023-06-28 | CVE-2023-20119 | Cross-site Scripting vulnerability in Cisco products: A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA), could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input validation. | 6.1 |
2023-06-28 | CVE-2023-20120 | Cross-site Scripting vulnerability in Cisco products: Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2023-06-28 | CVE-2023-20136 | Improper Privilege Management vulnerability in Cisco Secure Workload: A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. | 6.5 |
2023-06-28 | CVE-2023-20188 | Cross-site Scripting vulnerability in Cisco products: A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. | 4.8 |
2023-06-28 | CVE-2023-20199 | Unspecified vulnerability in Cisco DUO 2.0.1: A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. | 6.6 |
2023-05-18 | CVE-2023-20077 | Path Traversal vulnerability in Cisco Identity Services Engine: Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. | 6.5 |
2023-05-18 | CVE-2023-20087 | Path Traversal vulnerability in Cisco Identity Services Engine: Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. | 6.5 |