
CVSS: 6.1 • EPSS: 0% • CPEs: 5 • EXPL: 0

A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.6(9), 11.0(0), and 11.0(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve09718.

References:
• http://www.securityfocus.com/bid/100108
• http://www.securitytracker.com/id/1039060
• https://quickview.cloudapps.cisco.com/quickview/bug/CSCve09718
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-cj

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. More Information: CSCvc31635. Known Affected Releases: 10.6(9). Known Fixed Releases: 11.0(0).

References:
• http://www.securityfocus.com/bid/95016
• http://www.securitytracker.com/id/1037516
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-jabber

CWE-20: Improper Input Validation

CVSS: 7.8 • EPSS: 2% • CPEs: 291 • EXPL: 0

The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.

References:
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp
• http://www.debian.org/security/2016/dsa-3539
• http://www.securitytracker.com/id/1035636
• http://www.securitytracker.com/id/1035637
• http://www.securitytracker.com/id/1035648
• http://www.securitytracker.com/id/1035649
• http://www.securitytracker.com/id/1035650
• http://www.securitytracker.com/id/1035651
• http://www.securitytracker.com/id/1035652
• https://access.redhat.com/security/cve/CVE-2015-6360
• http

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224.

References:
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-jgs
• http://www.securitytracker.com/id/1034936

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419.

References:
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab
• http://www.securityfocus.com/bid/79678
• http://www.securitytracker.com/id/1034540
• http://www.synacktiv.com/ressources/cisco_jabber_starttls_downgrade.pdf

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor