CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12349
https://notcve.org/view.php?id=CVE-2017-12349
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986. Múltiples vulnerabilidades en la interfaz de gestión web de Cisco UCS Central Software podría permitir que un atacante remoto lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de la interfaz web o que secuestre un ID de sesión válido de un usuario del software afectado. Cisco Bug IDs: CSCvf71978, CSCvf71986. • http://www.securityfocus.com/bid/102018 http://www.securitytracker.com/id/1039924 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12348
https://notcve.org/view.php?id=CVE-2017-12348
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986. Múltiples vulnerabilidades en la interfaz de gestión web de Cisco UCS Central Software podría permitir que un atacante remoto lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de la interfaz web o que secuestre un ID de sesión válido de un usuario del software afectado. Cisco Bug IDs: CSCvf71978, CSCvf71986. • http://www.securityfocus.com/bid/102018 http://www.securitytracker.com/id/1039924 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1401
https://notcve.org/view.php?id=CVE-2016-1401
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250. Vulnerabilidad de XSS en la interfaz de administración en Cisco Unified Computing System (UCS) Central Software 1.4(1a) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor manipulado, también conocida como Bug ID CSCuy91250. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ucs http://www.securitytracker.com/id/1035933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1352
https://notcve.org/view.php?id=CVE-2016-1352
Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. Cisco Unified Computing System (UCS) Central Software 1.3(1b) y versiones anteriores permite a atacantes remotos ejecutar comandos del SO arbitrarios a través de una petición HTTP manipulada, también conocida como Bug ID CSCuv33856. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-ucs http://www.securitytracker.com/id/1035565 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6387
https://notcve.org/view.php?id=CVE-2015-6387
Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573. Vulnerabilidad de XSS en Cisco Unified Computing System (UCS) Central Software 1.3 (0.1) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor manipulado en una URL, también conocida como Bug ID CSCux33573. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-ucs http://www.securitytracker.com/id/1034275 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •