CVE-2016-1462
- EPSS 0.45%
- Published 28.07.2016 01:59:42
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Prime Service Catalog (PSC) 11.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuz63795.
CVE-2015-6395
- EPSS 0.36%
- Published 12.12.2015 11:59:00
- Last modified 12.04.2025 10:46:40
Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188.
CVE-2015-6350
- EPSS 0.29%
- Published 30.10.2015 10:59:08
- Last modified 12.04.2025 10:46:40
SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843.
CVE-2015-4190
- EPSS 0.29%
- Published 17.06.2015 10:59:06
- Last modified 12.04.2025 10:46:40
Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683.
CVE-2015-0581
- EPSS 0.48%
- Published 28.01.2015 22:59:02
- Last modified 12.04.2025 10:46:40
The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, ...