Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-14 | CVE-2022-20643 | Cross-site Scripting vulnerability in Cisco Security Manager Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. | 6.1 |
| 2022-01-14 | CVE-2022-20644 | Cross-site Scripting vulnerability in Cisco Security Manager Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. | 6.1 |
| 2022-01-14 | CVE-2022-20645 | Cross-site Scripting vulnerability in Cisco Security Manager Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. | 6.1 |
| 2022-01-14 | CVE-2022-20646 | Cross-site Scripting vulnerability in Cisco Security Manager Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. | 6.1 |
| 2022-01-14 | CVE-2022-20647 | Cross-site Scripting vulnerability in Cisco Security Manager Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. | 6.1 |
| 2022-01-14 | CVE-2022-20660 | Cleartext Storage of Sensitive Information vulnerability in Cisco products A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. | 4.6 |
| 2021-12-28 | CVE-2021-44832 | Improper Input Validation vulnerability in multiple products Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. | 6.6 |
| 2021-11-19 | CVE-2021-40129 | SQL Injection vulnerability in Cisco Common Services Platform Collector A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. | 4.9 |
| 2021-11-19 | CVE-2021-40130 | Unspecified vulnerability in Cisco Common Services Platform Collector A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. | 4.9 |
| 2021-11-19 | CVE-2021-40131 | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 5.4 |