CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-20101
https://notcve.org/view.php?id=CVE-2023-20101
04 Oct 2023 — A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16025 – Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-16025
23 Sep 2020 — A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to access a malicious link or by intercepting a user request for the affected web interface and inject... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-er-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0CVE-2018-15403 – Multiple Cisco Unified Communications Products Open Redirect Vulnerability
https://notcve.org/view.php?id=CVE-2018-15403
05 Oct 2018 — A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific... • http://www.securitytracker.com/id/1041780 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •