Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-04-22 | CVE-2015-0705 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Meetingplace 8.6(1.9) Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494. | 6.8 |
| 2015-04-22 | CVE-2015-0704 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Meetingplace 8.6(1.9) Multiple cross-site request forgery (CSRF) vulnerabilities in API features in Cisco Unified MeetingPlace 8.6(1.9) allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus95884. | 6.8 |
| 2015-04-21 | CVE-2015-0703 | Cross-site Scripting vulnerability in Cisco Unified Meetingplace 8.6(1.9) Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857. | 4.3 |
| 2015-04-17 | CVE-2015-0700 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Secure Access Control Server Solution Engine 5.4.0.46.6/5.5.0.36/5.5.0.46.4 Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924. | 6.8 |
| 2015-04-15 | CVE-2015-0699 | SQL Injection vulnerability in Cisco Unified Communications Domain Manager 10.5(1.98991.13) SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. | 5.0 |
| 2015-04-15 | CVE-2015-0698 | Cross-site Scripting vulnerability in Cisco web Security Appliance Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213. | 4.3 |
| 2015-04-15 | CVE-2015-0697 | Open Redirect vulnerability in Cisco Telepresence TC Software Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980. | 5.8 |
| 2015-04-15 | CVE-2015-0696 | Cross-site Scripting vulnerability in Cisco Telepresence TC Software Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977. | 4.3 |
| 2015-04-11 | CVE-2015-0694 | Improper Access Control vulnerability in Cisco products Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806. | 5.0 |
| 2015-04-07 | CVE-2015-0690 | Cross-site Scripting vulnerability in Cisco Wireless LAN Controller Software Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178. | 4.3 |