Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-07 | CVE-2016-1309 | Cross-site Scripting vulnerability in Cisco Webex Meetings Server 2.5.1.5 Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01843. | 4.3 |
| 2016-02-07 | CVE-2016-1308 | SQL Injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227. | 6.5 |
| 2016-02-07 | CVE-2016-1307 | Credentials Management vulnerability in Cisco Finesse and Unified Contact Center Express The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. | 5.5 |
| 2016-02-07 | CVE-2016-1305 | Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.1Base Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511. | 4.3 |
| 2016-02-06 | CVE-2016-1311 | Cross-site Scripting vulnerability in Cisco Jabber Guest 10.6.8 Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224. | 4.3 |
| 2016-02-06 | CVE-2016-1310 | Cross-site Scripting vulnerability in Cisco Unity Connection 11.5(0.199) Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033. | 4.3 |
| 2016-02-06 | CVE-2016-1306 | Cross-site Scripting vulnerability in Cisco FOG Director 1.0(0) Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466. | 4.3 |
| 2016-01-30 | CVE-2016-1304 | Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009) Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. | 4.3 |
| 2016-01-27 | CVE-2016-1300 | Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009) Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. | 4.3 |
| 2016-01-27 | CVE-2016-1299 | Resource Management Errors vulnerability in Cisco 300 Series Managed Switch Firmware 1.4.1 The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174. | 5.0 |