CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1293
https://notcve.org/view.php?id=CVE-2016-1293
16 Jan 2016 — Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414. Múltiples vulnerabilidades de XSS en el Management Center en Cisco FireSIGHT System Software 6.0.0 y 6.0.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados, también conocida como Bug ID CSCux40414... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 20EXPL: 0CVE-2015-6427
https://notcve.org/view.php?id=CVE-2015-6427
18 Dec 2015 — Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437. Cisco FireSIGHT Management Center permite a atacantes remotos eludir la funcionalidad de detección de ataques HTTP y evitar desencadenar las reglas del IDS Snort a través de una sesión SSL que no es manejada adecuadamente después del desencritado, también conocido como Bug ID CSCux53437. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm • CWE-254: 7PK - Security Features •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6363
https://notcve.org/view.php?id=CVE-2015-6363
12 Nov 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuw88396. Múltiples vulnerabilidades de XSS en el web framework en Cisco FireSIGHT Management Center (MC) 5.4.1.4 y 6.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados, también ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151111-fmc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6354
https://notcve.org/view.php?id=CVE-2015-6354
31 Oct 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338. Múltiples vulnerabilidades de XSS en Cisco FireSight Management Center (MC) 5.4.1.3 y 6.0 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados, también conocido como Bug ID CSCuv73338. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 1%CPEs: 3EXPL: 0CVE-2015-6335
https://notcve.org/view.php?id=CVE-2015-6335
25 Oct 2015 — The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839. La implementación de policy en Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4 y 6.0.0 para VMware permite a administradores remotos autenticados eludir las restricciones destinadas a policy y ejecutar comandos Linux como root a través de vec... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-fmc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4270
https://notcve.org/view.php?id=CVE-2015-4270
14 Jul 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697, and CSCuv22702. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XXS) en Cisco FireSIGHT System Software 5.3.1.5 y 6.0.0, permite a atacantes remotos inyectar arbitrariamente secuencias de comandos web o HT... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39879 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4242
https://notcve.org/view.php?id=CVE-2015-4242
08 Jul 2015 — Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu94721. Vulnerabilidad de CSRF en Cisco FireSIGHT System Software 5.4.1.2 y 6.0.0 en FireSIGHT Management Center permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocido como Bug ID CSCuu94721. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39643 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0773
https://notcve.org/view.php?id=CVE-2015-0773
12 Jun 2015 — Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078. Cisco FireSIGHT System Software 5.3.1.3 y 6.0.0 permite a usuarios remotos autenticados eliminar el panel de control de un usuarios arbitrario a través de una solicitud de eliminación VPN modificada en una sesión de gestión, también conocida como Bug ID CSCut67078. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39256 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0766
https://notcve.org/view.php?id=CVE-2015-0766
04 Jun 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196. Múltiples vulnerabilidades de XSS en la interfaz web administrativa en el componente Management Center en Cisco FireSIGHT System Software 6.0.0 permiten a atacantes remotos inyectar secuencias de comandos web a... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39171 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0706
https://notcve.org/view.php?id=CVE-2015-0706
23 Apr 2015 — Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted HTTP header, aka Bug IDs CSCut06060, CSCut06056, and CSCus98966. Vulnerabilidad de la redirección abierta en Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, y 6.0.0 en FireSIGHT Management Center permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realiz... • http://tools.cisco.com/security/center/viewAlert.x?alertId=38486 •