Alexander Barakazian

**Name of the Vulnerable Software and Affected Versions** Axigen Mail Server versions 10.3.x through 10.3.1.26 Axigen Mail Server versions 10.3.2.x through 10.3.2.x **Description** An issue in Axigen Mail Server allows unauthenticated attackers to submit a `setAdminPassword` operation request, setting a new arbitrary password for the `admin` account. **Recommendations** For Axigen Mail Server versions 10.3.x through 10.3.1.26, update to version 10.3.1.27 or later. For Axigen Mail Server versions 10.3.2.x through 10.3.2.x, update to version 10.3.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** Cisco Security Manager (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the web-based management interface of Cisco Security Manager. These vulnerabilities could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Security Manager (affected versions not specified) **Description** The issue is related to insufficient protection of the web page structure in the web-based management interface, allowing for cross-site scripting attacks. An attacker could exploit this by persuading a user to click a crafted link, potentially executing arbitrary script code in the context of the interface or accessing sensitive browser-based information. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Security Manager (affected versions not specified) **Description** The issue is related to insufficient validation of user-supplied input by the web-based management interface, allowing an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. An attacker could exploit this by persuading a user to click a crafted link, potentially executing arbitrary script code in the context of the interface or accessing sensitive, browser-based information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Security Manager (affected versions not specified) **Description** The issue is related to insufficient protection of the web interface structure, allowing an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. This is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this by persuading a user to click a crafted link, potentially allowing the execution of arbitrary script code in the context of the interface or access to sensitive, browser-based information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Security Manager (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the web-based management interface of Cisco Security Manager. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface, which could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link, potentially allowing the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Security Manager (affected versions not specified) **Description** The issue is related to insufficient protection of the web page structure in the web-based management interface, allowing for cross-site scripting attacks. This could enable a remote attacker to execute arbitrary script code or access sensitive browser-based information by persuading a user to click on a crafted link. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Security Manager (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the web-based management interface of Cisco Security Manager. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface, which could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link, potentially allowing the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Security Manager (affected versions not specified) **Description** The issue is related to insufficient validation of user-supplied input by the web-based management interface of Cisco Security Manager, allowing an unauthenticated, remote attacker to conduct cross-site scripting attacks. An attacker could exploit this by persuading a user to click a crafted link, potentially executing arbitrary script code in the context of the interface or accessing sensitive, browser-based information. The vulnerability is also associated with inadequate protection of the web page structure, which could be exploited using a specially crafted web page. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Security Manager (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the web-based management interface of Cisco Security Manager. These vulnerabilities could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Security Manager (affected versions not specified) **Description** The issue is related to insufficient protection of the web page structure in the web-based management interface, allowing for cross-site scripting attacks. An attacker could exploit this by persuading a user to click a crafted link, potentially executing arbitrary script code in the context of the interface or accessing sensitive browser-based information. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Security Manager (affected versions not specified) **Description** The issue is related to insufficient protection of the web page structure in the web-based management interface, allowing for cross-site scripting attacks. This could enable a remote attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information by persuading a user to click a crafted link. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Security Manager (affected versions not specified) Cisco Secure Network Analytics (affected versions not specified) **Description** The issue is related to insufficient validation of user-supplied input by the web-based management interface, which could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. This can be achieved by persuading a user to click a crafted link, potentially allowing the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. The vulnerability is also associated with inadequate protection of the web page structure. **Recommendations** For Cisco Security Manager, consider restricting access to the web-based management interface until a fix is available. For Cisco Secure Network Analytics, as a temporary workaround, consider disabling the web-based interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Security Manager (affected versions not specified) **Description** The issue is related to insufficient protection of the web page structure in the web-based management interface, allowing for cross-site scripting attacks. An attacker could exploit this by persuading a user to click a crafted link, potentially executing arbitrary script code in the context of the interface or accessing sensitive browser-based information. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADManager Plus versions prior to 7110 Description: The issue allows remote code execution. Recommendations: For versions prior to 7110, update to version 7110 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco Prime Service Catalog (affected versions not specified) **Description** The issue is related to a lack of protection against cross-site request forgery (CSRF) attacks in the web-based management interface. An attacker could exploit this by persuading a user to follow a malicious link, potentially allowing the attacker to perform arbitrary actions on the affected system with the privilege level of the affected user. **Recommendations** For all affected versions, consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, avoid using links from untrusted sources to minimize the risk of exploitation. Restrict user privileges to minimize the impact of a potential attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.