cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-20633,https://securityvulnerability.io/vulnerability/CVE-2022-20633,Cisco ECE Vulnerability Could Lead to Username Enumeration Attacks,"The vulnerability in the web-based management interface of Cisco ECE allows unauthenticated remote attackers to conduct username enumeration attacks. This issue arises from inconsistent authentication response behaviors when a connection is attempted. By exploiting this flaw, an attacker can send authentication requests to the affected device, successfully revealing valid usernames. Consequently, this information could be leveraged for further malicious activities targeting the compromised accounts. Cisco has issued software updates to mitigate this vulnerability, and no workarounds are available to address the issue.",Cisco,Cisco Enterprise Chat And Email,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-15T16:15:01.284Z,0
CVE-2022-20632,https://securityvulnerability.io/vulnerability/CVE-2022-20632,Cisco ECE Web-Based Management Interface Vulnerability,"The web-based management interface of Cisco ECE contains a security vulnerability that permits unauthenticated remote attackers to conduct cross-site scripting (XSS) attacks. This vulnerability arises from improper validation of user-supplied input within the interface. By tricking an interface user into clicking a specially crafted link, an attacker can execute arbitrary script code within the context of the interface. This exploitation could lead to unauthorized access to sensitive information stored in the user's browser. Cisco has addressed this issue through software updates, with no viable workarounds available.",Cisco,Cisco Enterprise Chat And Email,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-15T16:14:53.322Z,0
CVE-2022-20631,https://securityvulnerability.io/vulnerability/CVE-2022-20631,Cisco ECE Web-Based Management Interface Vulnerability,"A cross-site scripting vulnerability exists in the web-based management interface of Cisco ECE, stemming from insufficient validation of user-supplied input. When an attacker exploits this vulnerability, they can inject malicious script code through a chat window. This can lead to arbitrary script code execution within the context of the interface, potentially exposing sensitive information available in the browser. Cisco has released necessary software updates to resolve this issue, emphasizing the importance of applying these updates to mitigate risks associated with this vulnerability.",Cisco,Cisco Enterprise Chat And Email,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-15T16:03:36.564Z,0
CVE-2022-20634,https://securityvulnerability.io/vulnerability/CVE-2022-20634,Cisco ECE Vulnerability Could Lead to Open Redirect Attacks,"A vulnerability exists in the web-based management interface of Cisco ECE, enabling an unauthenticated remote attacker to influence a user's web experience by redirecting them to undesired or malicious web pages. This issue stems from improper input validation of URL parameters within HTTP requests. Attackers could exploit this vulnerability by convincing users to click on specially crafted links that initiate the redirect. Such vulnerabilities are frequently utilized in phishing attacks to mislead users into visiting harmful sites. Cisco has issued software updates to remediate this issue without offering viable workarounds.",Cisco,Cisco Enterprise Chat And Email,4.7,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-15T16:02:16.937Z,0
CVE-2022-20802,https://securityvulnerability.io/vulnerability/CVE-2022-20802,Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.",Cisco,Cisco Enterprise Chat And Email,5.4,MEDIUM,0.0006500000017695129,false,,false,false,true,2024-08-03T03:15:42.000Z,,false,false,,2022-05-27T14:15:00.000Z,0
CVE-2019-1877,https://securityvulnerability.io/vulnerability/CVE-2019-1877,Cisco Enterprise Chat and Email Attachment Download Vulnerability,"A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to download files that other users attach through the chat feature. This vulnerability affects versions prior to 12.0(1)ES1.",Cisco,Cisco Enterprise Chat And Email,6.5,MEDIUM,0.004339999984949827,false,,false,false,true,2024-08-04T19:16:15.000Z,,false,false,,2019-11-05T20:15:00.000Z,0
CVE-2019-1870,https://securityvulnerability.io/vulnerability/CVE-2019-1870,Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface or allow the attacker to access sensitive browser-based information.",Cisco,Cisco Enterprise Chat And Email,6.1,MEDIUM,0.000699999975040555,false,,false,false,true,2024-08-04T19:16:15.000Z,,false,false,,2019-06-05T00:00:00.000Z,0
CVE-2019-1702,https://securityvulnerability.io/vulnerability/CVE-2019-1702,Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit these vulnerabilities either by injecting malicious code in a chat window or by sending a crafted link to a user of the interface. In both cases, the attacker must persuade the user to click the crafted link or open the chat window that contains the attacker's code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 11.6(1) is affected.",Cisco,Cisco Enterprise Chat And Email,6.1,MEDIUM,0.0007099999929778278,false,,false,false,true,2024-08-04T19:16:05.000Z,,false,false,,2019-03-11T21:29:00.000Z,0