Vulnerabilities > Cisco > Spark
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-05 | CVE-2017-12269 | Cross-site Scripting vulnerability in Cisco Spark A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. | 3.5 |
| 2016-02-12 | CVE-2016-1324 | Permissions, Privileges, and Access Controls vulnerability in Cisco Spark 201506Base The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125. | 5.0 |
| 2016-02-12 | CVE-2016-1323 | Information Exposure vulnerability in Cisco Spark 201506Base The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048. | 4.0 |
| 2016-02-12 | CVE-2016-1322 | Permissions, Privileges, and Access Controls vulnerability in Cisco Spark 20150704Base The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584. | 5.0 |
| 2015-09-24 | CVE-2015-6303 | Information Exposure vulnerability in Cisco Spark 20150704Base The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCut36742 and CSCut36844. | 4.3 |