cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-20663,https://securityvulnerability.io/vulnerability/CVE-2022-20663,Cisco Secure Network Analytics Vulnerability Could Lead to XSS Attacks,"A vulnerability exists within the web-based management interface of Cisco Secure Network Analytics, which may permit unauthenticated, remote attackers to launch cross-site scripting (XSS) attacks against interface users. This flaw results from inadequate validation of user input handled by the affected software's management interface. Attackers can exploit this vulnerability by convincing users to click on specially crafted links. Successful exploitation may enable attackers to execute arbitrary scripts within the context of the interface or obtain sensitive browser-based information. Cisco has issued software updates to remediate this vulnerability, with no alternative workarounds available.",Cisco,Cisco Secure Network Analytics,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-15T15:38:24.206Z,0
CVE-2023-20102,https://securityvulnerability.io/vulnerability/CVE-2023-20102,Cisco Secure Network Analytics Remote Code Execution Vulnerability,"A security flaw in the web management interface of Cisco Secure Network Analytics enables an authenticated remote attacker to execute arbitrary code on the underlying operating system due to inadequate sanitization of user inputs. By crafting a malicious HTTP request, an attacker could potentially gain administrative privileges and compromise the system integrity.",Cisco,Cisco Secure Network Analytics,8.8,HIGH,0.001500000013038516,false,,false,false,true,2024-10-28T17:15:05.000Z,,false,false,,2023-04-05T00:00:00.000Z,0
CVE-2023-20103,https://securityvulnerability.io/vulnerability/CVE-2023-20103,Cisco Secure Network Analytics Remote Code Execution Vulnerability,"A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affected device. This vulnerability is due to insufficient validation of user input to the web interface. An attacker could exploit this vulnerability by uploading a crafted file to an affected device. A successful exploit could allow the attacker to execute code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.",Cisco,Cisco Secure Network Analytics,4.9,MEDIUM,0.0013800000306218863,false,,false,false,true,2024-10-25T17:15:14.000Z,,false,false,,2023-04-05T00:00:00.000Z,0
CVE-2022-20741,https://securityvulnerability.io/vulnerability/CVE-2022-20741,Cisco Secure Network Analytics Network Diagrams Application Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of the Network Diagrams application for Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Secure Network Analytics,5.4,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-08-03T03:15:39.000Z,,false,false,,2022-04-06T00:00:00.000Z,0