CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6363
https://notcve.org/view.php?id=CVE-2015-6363
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuw88396. Múltiples vulnerabilidades de XSS en el web framework en Cisco FireSIGHT Management Center (MC) 5.4.1.4 y 6.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados, también conocidas como Bug ID CSCuw88396. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151111-fmc http://www.securitytracker.com/id/1034138 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6354
https://notcve.org/view.php?id=CVE-2015-6354
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338. Múltiples vulnerabilidades de XSS en Cisco FireSight Management Center (MC) 5.4.1.3 y 6.0 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados, también conocido como Bug ID CSCuv73338. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc2 http://www.securitytracker.com/id/1034041 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-6335
https://notcve.org/view.php?id=CVE-2015-6335
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839. La implementación de policy en Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4 y 6.0.0 para VMware permite a administradores remotos autenticados eludir las restricciones destinadas a policy y ejecutar comandos Linux como root a través de vectores no especificados, también conocida como Bug ID CSCuw12839. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-fmc http://www.securitytracker.com/id/1033873 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4270
https://notcve.org/view.php?id=CVE-2015-4270
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697, and CSCuv22702. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XXS) en Cisco FireSIGHT System Software 5.3.1.5 y 6.0.0, permite a atacantes remotos inyectar arbitrariamente secuencias de comandos web o HTML a través de URLs manipuladas, error conocido como Bug IDs CSCuv22557, CSCuv22583, CSCuv22632, CSCuv22641, CSCuv22650, CSCuv22662, CSCuv22697 y CSCuv22702. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39879 http://www.securitytracker.com/id/1032887 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4242
https://notcve.org/view.php?id=CVE-2015-4242
Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu94721. Vulnerabilidad de CSRF en Cisco FireSIGHT System Software 5.4.1.2 y 6.0.0 en FireSIGHT Management Center permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocido como Bug ID CSCuu94721. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39643 http://www.securitytracker.com/id/1032806 • CWE-352: Cross-Site Request Forgery (CSRF) •