Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-19 | CVE-2017-12298 | Cross-site Scripting vulnerability in Cisco Webex Meeting Center A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. | 4.3 |
2017-10-19 | CVE-2017-12296 | Cross-site Scripting vulnerability in Cisco Webex Meetings Server 2.6/2.7/2.8 A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. | 4.3 |
2017-10-19 | CVE-2017-12293 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Webex Meetings Server 2.7 A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.0 |
2017-10-19 | CVE-2017-12288 | Cross-site Scripting vulnerability in Cisco Finesse 11.5(1) A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. | 4.3 |
2017-10-19 | CVE-2017-12287 | Improper Input Validation vulnerability in Cisco products A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a temporary denial of service (DoS) condition. | 4.0 |
2017-10-19 | CVE-2017-12285 | Improper Input Validation vulnerability in Cisco Prime Network Analysis Module 6.2(1B) A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. | 6.4 |
2017-10-19 | CVE-2017-12272 | Cross-site Scripting vulnerability in Cisco IOS XE 16.1.2/16.2.0/16.3(1) A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. | 4.3 |
2017-10-19 | CVE-2017-12260 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. | 5.0 |
2017-10-19 | CVE-2017-12259 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Small Business IP Phone Firmware A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. | 5.0 |
2017-10-19 | CVE-2017-12251 | Improper Authentication vulnerability in Cisco Cloud Services Platform 2100 A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device. | 6.5 |