Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-09 | CVE-2016-1318 | Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.1Base Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCux15489. | 6.1 |
| 2016-02-09 | CVE-2016-1316 | Information Exposure vulnerability in Cisco Telepresence Video Communication Server Software Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362. | 5.3 |
| 2016-02-07 | CVE-2016-1309 | Cross-site Scripting vulnerability in Cisco Webex Meetings Server 2.5.1.5 Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01843. | 6.1 |
| 2016-02-07 | CVE-2016-1305 | Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.1Base Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511. | 6.1 |
| 2016-02-06 | CVE-2016-1311 | Cross-site Scripting vulnerability in Cisco Jabber Guest 10.6.8 Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224. | 6.1 |
| 2016-01-30 | CVE-2016-1304 | Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009) Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. | 6.1 |
| 2016-01-27 | CVE-2016-1300 | Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009) Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. | 6.1 |
| 2016-01-27 | CVE-2016-1299 | Resource Management Errors vulnerability in Cisco 300 Series Managed Switch Firmware 1.4.1 The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174. | 5.3 |
| 2016-01-26 | CVE-2016-1298 | Cross-site Scripting vulnerability in Cisco Unified Contact Center Express Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033. | 6.1 |
| 2016-01-26 | CVE-2015-6337 | Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.0.10/1.0Ga Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238. | 6.1 |