Vulnerabilities > Cisco > Secure Firewall Management Center > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-22 | CVE-2017-3847 | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center 6.2.1 A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. | 5.4 |
| 2017-02-03 | CVE-2017-3814 | Improper Input Validation vulnerability in Cisco Secure Firewall Management Center A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. | 5.8 |
| 2017-02-03 | CVE-2017-3809 | Improper Input Validation vulnerability in Cisco Secure Firewall Management Center 6.1.0/6.2.0 A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. | 5.8 |
| 2016-10-06 | CVE-2016-6435 | Information Exposure vulnerability in Cisco Secure Firewall Management Center 6.0.1 The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. | 6.5 |
| 2016-08-23 | CVE-2016-6365 | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518. | 6.1 |
| 2016-06-18 | CVE-2016-1431 | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516. | 6.1 |
| 2016-05-28 | CVE-2016-1413 | Code Injection vulnerability in Cisco Secure Firewall Management Center The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. | 6.5 |
| 2016-02-26 | CVE-2016-1342 | Information Exposure vulnerability in Cisco Secure Firewall Management Center The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654. | 5.3 |