Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-04 | CVE-2017-6701 | Cross-site Scripting vulnerability in Cisco Identity Services Engine 2.1(102.101) A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |
| 2017-07-04 | CVE-2017-6700 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.0(4.0.45B)/3.1(1) A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2017-07-04 | CVE-2017-6699 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2017-07-04 | CVE-2017-6698 | SQL Injection vulnerability in Cisco Prime Infrastructure 2.0(4.0.45B)/3.1(1) A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. | 5.4 |
| 2017-07-04 | CVE-2017-6605 | Cross-site Scripting vulnerability in Cisco Identity Services Engine 2.1(0.800) A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a reflective cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 5.4 |
| 2017-07-04 | CVE-2017-3865 | Unspecified vulnerability in Cisco Staros 21.0.0/21.0M0.64246/21.0M0.64702 A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. | 5.8 |
| 2017-07-03 | CVE-2017-5361 | Unspecified vulnerability in Bestpractical Request Tracker Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack. | 5.9 |
| 2017-07-03 | CVE-2016-6201 | Cross-site Scripting vulnerability in Ektron Content Management System 8.7.0/9.1/9.10 Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx. | 6.1 |
| 2017-07-03 | CVE-2016-6127 | Cross-site Scripting vulnerability in Bestpractical Request Tracker Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type. | 6.1 |
| 2017-07-03 | CVE-2017-10798 | Cross-site Scripting vulnerability in Objectplanet Opinio In ObjectPlanet Opinio before 7.6.4, there is XSS. | 6.1 |