Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-11-03 CVE-2016-6454 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hosted Collaboration Mediation Fulfillment
A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions.
network
low complexity
cisco CWE-352
6.5
2016-11-03 CVE-2016-6451 Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning 10.6.0
Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.
network
low complexity
cisco CWE-79
6.1
2016-11-03 CVE-2016-6429 Cross-site Scripting vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1)
A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
network
low complexity
cisco CWE-79
6.1
2016-10-28 CVE-2016-1423 Cross-site Scripting vulnerability in Cisco Email Security Appliance
A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view.
network
low complexity
cisco CWE-79
6.1
2016-10-27 CVE-2016-6440 Improper Input Validation vulnerability in Cisco Unified Communications Manager 11.5(0.99838.4)
The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack.
network
low complexity
cisco CWE-20
6.5
2016-10-27 CVE-2016-6438 Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XE
A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device.
network
high complexity
cisco CWE-264
5.9
2016-10-27 CVE-2016-6437 Resource Management Errors vulnerability in Cisco Wide Area Application Services
A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space.
network
high complexity
cisco CWE-399
5.9
2016-10-06 CVE-2016-6436 Cross-site Scripting vulnerability in Cisco Hostscan Engine
Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682.
network
low complexity
cisco CWE-79
6.1
2016-10-06 CVE-2016-6435 Information Exposure vulnerability in Cisco Secure Firewall Management Center 6.0.1
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.
network
low complexity
cisco CWE-200
6.5
2016-10-06 CVE-2016-6425 Cross-site Scripting vulnerability in Cisco products
Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652.
network
low complexity
cisco CWE-79
6.1