Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-07-12 | CVE-2013-3422 | Cross-Site Scripting vulnerability in Cisco Secure Access Control System Cross-site scripting (XSS) vulnerability in Administration pages in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75165. | 4.3 |
| 2013-07-12 | CVE-2013-3421 | Cross-Site Scripting vulnerability in Cisco Secure Access Control System Cross-site scripting (XSS) vulnerability in the Help index page in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75170. | 4.3 |
| 2013-07-11 | CVE-2013-3419 | Cross-Site Scripting vulnerability in Cisco Unified Meetingplace web Conferencing Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981. | 4.3 |
| 2013-07-11 | CVE-2013-3418 | Resource Management Errors vulnerability in Cisco Unified Communications Domain Manager Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to cause a denial of service (memory consumption and process crash) via crafted requests to the management interface, aka Bug ID CSCud22922. | 6.8 |
| 2013-07-10 | CVE-2013-3416 | Cross-Site Scripting vulnerability in Cisco products Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997. | 4.3 |
| 2013-07-10 | CVE-2013-3408 | Permissions, Privileges, and Access Controls vulnerability in Cisco products The firmware on Cisco Virtualization Experience Client 6000 devices sets incorrect operating-system permissions, which allows local users to gain privileges via an unspecified sequence of commands, aka Bug ID CSCuc31764. | 6.8 |
| 2013-07-10 | CVE-2013-1132 | Cross-Site Scripting vulnerability in Cisco Unified Communications Domain Manager Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) IptAccountMgmt, (2) IptFeatureConfigTemplateMgmt, (3) IptFeatureDisplayPolicyMgmt, or (4) IptProviderMgmt page, aka Bug IDs CSCud69972, CSCud70193, and CSCud70261. | 4.3 |
| 2013-07-10 | CVE-2013-3405 | Permissions, Privileges, and Access Controls vulnerability in Cisco Telepresence TC Software The web portal in TC software on Cisco TelePresence endpoints does not require an exact password match during a login attempt by a user who has not configured a password, which allows remote attackers to bypass authentication by sending an arbitrary password, aka Bug ID CSCud96071. | 4.3 |
| 2013-07-10 | CVE-2013-3400 | Improper Input Validation vulnerability in Cisco Nexus 1000V and Nx-Os The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. | 6.8 |
| 2013-07-04 | CVE-2013-3413 | Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh87036. | 4.3 |