4 results (0.013 seconds)

CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0

The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842. La implementación RBAC en Cisco ASA-CX Content-Aware Security software anterior a 9.3.1.1(112) y Cisco Prime Security Manager (PRSM) software anterior a 9.3.1.1(112) permite a usuarios remotos autenticados cambiar contraseñas arbitrarias a través de una petición HTTP manipulada, también conocido como Bug ID CSCuo94842. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-prsm http://www.securitytracker.com/id/1034926 http://www.securitytracker.com/id/1034927 • CWE-284: Improper Access Control •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID CSCuo94808. Múltiples vulnerabilidades de XSS en Cisco Prime Security Manager (PRSM) 9.2(.1-2) y anteriores permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de entradas manipuladas en la página (1) Dashboard o (2) Configure Realm, también conocido como Bug ID CSCuo94808. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3365 http://tools.cisco.com/security/center/viewAlert.x?alertId=37418 http://www.securitytracker.com/id/1031716 https://exchange.xforce.ibmcloud.com/vulnerabilities/100756 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter, aka Bug ID CSCuq80661. Múltiples vulnerabilidades de XSS en el Framework web de Cisco Prime Security Manager 9.2.1-2 y anteriores (también conocido como PRSM) permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de los parámetros (1) Access Policies o (2) Device Summary Dashboard, también conocido como Bug ID CSCuq80661. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3364 http://tools.cisco.com/security/center/viewAlert.x?alertId=36741 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687. Múltiples vulnerabilidades de XSS en documentos HTML relacionados con el cuadro de mandos en Cisco Prime Security Manager (también conocido como PRSM) 9.2(.1-2) y anteriores permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de parámetros no especificados, también conocido como Bug ID CSCun50687. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2118 http://tools.cisco.com/security/center/viewAlert.x?alertId=33542 http://www.securityfocus.com/bid/66488 http://www.securitytracker.com/id/1029968 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •