CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0CVE-2023-20228
https://notcve.org/view.php?id=CVE-2023-20228
16 Aug 2023 — A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of t... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-UMYtYEtr • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.1EPSS: 0%CPEs: 54EXPL: 0CVE-2021-1397 – Cisco Integrated Management Controller Open Redirect Vulnerability
https://notcve.org/view.php?id=CVE-2021-1397
06 May 2021 — A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an op... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.4EPSS: 0%CPEs: 17EXPL: 0CVE-2019-1880 – Cisco Unified Computing System BIOS Signature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-1880
05 Jun 2019 — A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An attacker could exploit this vulnerability by executing the BIOS upgrade utility with a specific set of options. A successful exploit could allow the attacker to bypass the firmware signature-verification process and in... • http://www.securityfocus.com/bid/108680 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2019-1857 – Cisco HyperFlex HX-Series Web-Based Management Interface Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-1857
03 May 2019 — A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attac... • http://www.securityfocus.com/bid/108163 • CWE-352: Cross-Site Request Forgery (CSRF) •