cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-20657,https://securityvulnerability.io/vulnerability/CVE-2022-20657,Cisco PI and EPNMWeb-Based Management Interface Vulnerability,"A cross-site scripting (XSS) vulnerability exists in the web-based management interface of Cisco Prime Infrastructure and Cisco Enhanced Packet Network Manager. This issue arises when the interface fails to properly validate user-supplied input, allowing potential exploitation by remote attackers. By convincing an interface user to click a crafted link, an attacker could execute arbitrary script code in the context of the user’s session. This could potentially allow attackers to access sensitive data and browser-based information pertaining to the affected device. Cisco has addressed this vulnerability through software updates, without any viable workarounds available.",Cisco,"Cisco Evolved Programmable Network Manager (epnm),Cisco Prime Infrastructure",6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T15:39:33.492Z,0
CVE-2022-20656,https://securityvulnerability.io/vulnerability/CVE-2022-20656,Cisco PI and EPNM Web-Based Management Interface Vulnerability,"A vulnerability exists within the web-based management interface of certain Cisco products, which could enable an authenticated remote attacker to exploit directory traversal sequences in HTTPS URLs. By sending a specially crafted request, the attacker can manipulate directory paths and gain unauthorized access to system files. This could result in arbitrary file writes to the host system, potentially leading to significant exposure of sensitive information. Cisco has issued updates to remediate this vulnerability, and no alternative workarounds are available.",Cisco,"Cisco Evolved Programmable Network Manager (epnm),Cisco Prime Infrastructure",6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-15T15:36:09.274Z,0
CVE-2023-20260,https://securityvulnerability.io/vulnerability/CVE-2023-20260,Privilege Escalation Vulnerability in Cisco Prime Infrastructure & Cisco Evolved Programmable Network Manager,"A vulnerability exists in the application command line interface (CLI) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager that permits an authenticated, local attacker to escalate privileges. This issue arises from the improper handling of command line arguments supplied to application scripts. By executing specific commands on the CLI with crafted options, an attacker could potentially exploit this vulnerability, leading to elevated privileges akin to that of the root user on the underlying operating system, thereby compromising the security and integrity of the affected systems.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (epnm)",6,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-11-13T20:15:12.000Z,,false,false,,2024-01-17T16:57:33.285Z,0
CVE-2023-20258,https://securityvulnerability.io/vulnerability/CVE-2023-20258,Command Execution Vulnerability in Cisco Prime Infrastructure,"A security flaw exists in the web-based management interface of Cisco Prime Infrastructure that could enable an authenticated remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability arises from the inadequate processing of serialized Java objects within the application. Attacks may involve uploading a document imbued with malicious serialized Java objects that the application processes. If successfully exploited, this could permit the attacker to compel the application into executing unintended commands on the system, leading to potential unauthorized access and operational disruptions.",Cisco,Cisco Prime Infrastructure,6.5,MEDIUM,0.0018700000364333391,false,,false,false,false,,,false,false,,2024-01-17T16:56:57.318Z,0
CVE-2023-20271,https://securityvulnerability.io/vulnerability/CVE-2023-20271,SQL Injection Vulnerability in Cisco Management Interfaces,"A vulnerability exists in the web-based management interfaces of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager. This issue arises from insufficient validation of user-submitted parameters, enabling authenticated, remote attackers to execute SQL injection attacks. By sending specially crafted requests after successful authentication, attackers may gain unauthorized access to sensitive data stored within the database. Successful exploitation of this vulnerability can lead to the modification and extraction of confidential information, posing significant risks to system integrity and data confidentiality.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",6.5,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-01-17T16:56:25.553Z,0
CVE-2023-20257,https://securityvulnerability.io/vulnerability/CVE-2023-20257,Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure,"A vulnerability exists within the web-based management interface of Cisco Prime Infrastructure, allowing authenticated remote attackers to exploit it through cross-site scripting techniques. This issue arises from inadequate validation of user inputs processed by the management interface. By injecting malicious script or HTML content into requests, an attacker can manipulate the application, resulting in cross-site scripting attacks that could impact other users. The potential exploitation of this vulnerability significantly raises security concerns for organizations relying on Cisco Prime Infrastructure.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",4.8,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2024-01-17T16:55:42.034Z,0
CVE-2023-20222,https://securityvulnerability.io/vulnerability/CVE-2023-20222,Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure and Evolved Programmable Network Manager,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) allows an unauthenticated, remote attacker to initiate a cross-site scripting (XSS) attack. This type of vulnerability arises from inadequate validation of user-supplied input within the interface. Attackers can exploit this issue by injecting malicious scripts into specific pages of the interface, potentially enabling them to execute arbitrary code in the context of the user's session. As a result, sensitive information stored in the browser may be exposed, creating significant security concerns for users of the affected systems.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",6.1,MEDIUM,0.001290000043809414,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2023-20205,https://securityvulnerability.io/vulnerability/CVE-2023-20205,Stored Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure and EPNM,"Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) stem from inadequate validation of user-supplied input. An attacker with valid credentials can execute a stored cross-site scripting (XSS) attack by tricking a user to view a page that includes malicious HTML or script content. This exploit could allow the attacker to run arbitrary script code in the context of the affected interface, potentially accessing sensitive browser-based information.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2023-20201,https://securityvulnerability.io/vulnerability/CVE-2023-20201,Stored XSS Vulnerability in Cisco Prime Infrastructure and Evolved Programmable Network Manager,"Cisco's web-based management interfaces for Prime Infrastructure and Evolved Programmable Network Manager are exposed to multiple vulnerabilities. These issues arise from inadequate validation of user-supplied input, allowing an authenticated remote attacker to execute a stored XSS attack. An attacker may entice a valid user to access a compromised page containing malicious HTML or JavaScript. Successful exploitation could lead to arbitrary script execution within the context of the user's session, potentially exposing sensitive browser-based information.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2023-20203,https://securityvulnerability.io/vulnerability/CVE-2023-20203,Stored XSS Vulnerability in Cisco Prime Infrastructure and EPNM Management Interfaces,"Multiple vulnerabilities exist in the web-based management interfaces of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager, allowing authenticated remote attackers to execute stored cross-site scripting (XSS) attacks. These vulnerabilities arise from inadequate validation of user-supplied input, enabling attackers to craft pages with malicious HTML or script content. To exploit these vulnerabilities, an attacker must have valid authentication credentials, persuading users to access the altered pages. This exploit could lead to the execution of arbitrary script code in the affected interface's context, potentially exposing sensitive browser information.",Cisco,"Cisco Prime Infrastructure,Cisco Evolved Programmable Network Manager (EPNM)",5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2023-20130,https://securityvulnerability.io/vulnerability/CVE-2023-20130,Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Prime Infrastructure,6.5,MEDIUM,0.000750000006519258,false,,false,false,true,2024-10-25T17:15:14.000Z,,false,false,,2023-04-05T00:00:00.000Z,0
CVE-2023-20127,https://securityvulnerability.io/vulnerability/CVE-2023-20127,Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Prime Infrastructure,6.5,MEDIUM,0.0008999999845400453,false,,false,false,true,2024-10-25T17:15:14.000Z,,false,false,,2023-04-05T00:00:00.000Z,0
CVE-2023-20068,https://securityvulnerability.io/vulnerability/CVE-2023-20068,Cisco Prime Infrastructure Reflected Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface on an affected device to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.",Cisco,Cisco Prime Infrastructure,6.1,MEDIUM,0.0013599999947473407,false,,false,false,true,2024-10-25T17:15:14.000Z,,false,false,,2023-04-05T00:00:00.000Z,0
CVE-2023-20131,https://securityvulnerability.io/vulnerability/CVE-2023-20131,Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Prime Infrastructure,6.5,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-10-25T17:15:15.000Z,,false,false,,2023-04-05T00:00:00.000Z,0
CVE-2023-20129,https://securityvulnerability.io/vulnerability/CVE-2023-20129,Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Prime Infrastructure,6.5,MEDIUM,0.0011599999852478504,false,,false,false,true,2024-10-25T17:15:14.000Z,,false,false,,2023-04-05T00:00:00.000Z,0
CVE-2023-20069,https://securityvulnerability.io/vulnerability/CVE-2023-20069,Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device.",Cisco,Cisco Prime Infrastructure,5.4,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-10-25T17:15:14.000Z,,false,false,,2023-03-03T00:00:00.000Z,0
CVE-2022-20659,https://securityvulnerability.io/vulnerability/CVE-2022-20659,Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Prime Infrastructure,6.1,MEDIUM,0.0014700000174343586,false,,false,false,true,2024-08-03T03:15:35.000Z,,false,false,,2022-02-17T00:00:00.000Z,0
CVE-2021-34784,https://securityvulnerability.io/vulnerability/CVE-2021-34784,Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Prime Infrastructure,5.4,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-08-04T02:15:24.000Z,,false,false,,2021-11-04T16:15:00.000Z,0
CVE-2021-34733,https://securityvulnerability.io/vulnerability/CVE-2021-34733,Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability,"A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the affected system.",Cisco,Cisco Prime Infrastructure,5.5,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-04T02:15:21.000Z,,false,false,,2021-09-02T03:15:00.000Z,0
CVE-2021-1487,https://securityvulnerability.io/vulnerability/CVE-2021-1487,Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Command Injection Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system (OS) with the permissions of a special non-root user. In this way, an attacker could take control of the affected system, which would allow them to obtain and alter sensitive data. The attacker could also affect the devices that are managed by the affected system by pushing arbitrary configuration files, retrieving device credentials and confidential information, and ultimately undermining the stability of the devices, causing a denial of service (DoS) condition.",Cisco,Cisco Prime Infrastructure,8.8,HIGH,0.0012600000482052565,false,,false,false,true,2024-08-03T17:15:58.000Z,,false,false,,2021-05-22T07:15:00.000Z,0
CVE-2020-3339,https://securityvulnerability.io/vulnerability/CVE-2020-3339,Cisco Prime Infrastructure SQL Injection Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database.",Cisco,Cisco Prime Infrastructure,5.4,MEDIUM,0.000699999975040555,false,,false,false,true,2024-08-04T08:16:35.000Z,,false,false,,2020-06-03T00:00:00.000Z,0
CVE-2019-15958,https://securityvulnerability.io/vulnerability/CVE-2019-15958,Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability,A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this vulnerability by uploading a malicious file during the HA registration period. A successful exploit could allow the attacker to execute arbitrary code with root-level privileges on the underlying operating system. Note: This vulnerability can only be exploited during the HA registration period. See the Details section for more information.,Cisco,Cisco Prime Infrastructure,8.1,HIGH,0.0061900001019239426,false,,false,false,true,2024-08-05T02:15:45.000Z,,false,false,,2019-11-26T03:15:00.000Z,0
CVE-2019-12713,https://securityvulnerability.io/vulnerability/CVE-2019-12713,Cisco Prime Infrastructure Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",Cisco,Cisco Prime Infrastructure,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-09-16T18:16:26.000Z,,false,false,,2019-10-02T00:00:00.000Z,0
CVE-2019-12712,https://securityvulnerability.io/vulnerability/CVE-2019-12712,Cisco Prime Infrastructure Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input in multiple sections of the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",Cisco,Cisco Prime Infrastructure,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-09-16T20:17:52.000Z,,false,false,,2019-10-02T00:00:00.000Z,0
CVE-2019-1906,https://securityvulnerability.io/vulnerability/CVE-2019-1906,Cisco Prime Infrastructure Virtual Domain Privilege Escalation Vulnerability,"A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by manipulating requests sent to an affected PI server. A successful exploit could allow the attacker to change the virtual domain configuration and possibly elevate privileges.",Cisco,Cisco Prime Infrastructure,4.3,MEDIUM,0.0007099999929778278,false,,false,false,true,2024-08-04T19:16:17.000Z,,false,false,,2019-06-20T03:15:00.000Z,0