Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-02-15 | CVE-2013-1123 | Cross-Site Scripting vulnerability in Cisco Unified Meetingplace 7.0 Multiple cross-site scripting (XSS) vulnerabilities in the server in Cisco Unified MeetingPlace 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuc65411 and CSCue18706. | 4.3 |
| 2013-02-13 | CVE-2013-1131 | Unspecified vulnerability in Cisco Small Business Wireless Access Ppoints Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, and WET200 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SSID that is not properly handled during a site survey, aka Bug IDs CSCua86182, CSCua91196, CSCud36155, and CSCua86190. | 6.4 |
| 2013-02-13 | CVE-2013-1122 | Improper Input Validation vulnerability in Cisco Nexus 7000 and Nx-Os Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673. | 5.0 |
| 2013-02-13 | CVE-2013-1114 | Cross-Site Scripting vulnerability in Cisco Unity Express Software Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527. | 4.3 |
| 2013-02-13 | CVE-2013-1100 | Resource Management Errors vulnerability in Cisco IOS The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853. | 5.4 |
| 2013-02-06 | CVE-2013-1120 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unity Express and Unity Express Software Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910. | 6.8 |
| 2013-02-06 | CVE-2013-1107 | Information Exposure vulnerability in Cisco Webex Social The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235. | 4.0 |
| 2013-01-31 | CVE-2013-1113 | Cross-Site Scripting vulnerability in Cisco Unified Communications Domain Manager Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue21042. | 4.3 |
| 2013-01-31 | CVE-2013-1112 | Improper Input Validation vulnerability in Cisco Carrier Routing System Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136. | 5.0 |
| 2013-01-31 | CVE-2012-6029 | Cross-Site Scripting vulnerability in Cisco NAC Appliance Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109. | 4.3 |