CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3136 – Cisco Jabber Guest Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2020-3136
A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. This vulnerability affects Cisco Jabber Guest releases 11.1(2) and earlier. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-guest-xss-6urXhkqv • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9224
https://notcve.org/view.php?id=CVE-2016-9224
A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. More Information: CSCvc31635. Known Affected Releases: 10.6(9). Known Fixed Releases: 11.0(0). Una vulnerabilidad en el Cisco Jabber Guest Server podría permitir a un atacante remoto no autenticado iniciar conexiones con anfitriones arbitrarios. • http://www.securityfocus.com/bid/95016 http://www.securitytracker.com/id/1037516 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-jabber • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1311
https://notcve.org/view.php?id=CVE-2016-1311
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224. Vulnerabilidad de XSS en la interfaz de administración en Cisco Jabber Guest Server 10.6(8) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro de etiqueta host, también conocida como Bug ID CSCuy08224. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-jgs http://www.securitytracker.com/id/1034936 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •