Cisco Socialminer vulnerabilities

CVE-2025-20278 [MEDIUM] CWE-77 CVE-2025-20278: A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenti A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerab

CVE-2025-20129 [MEDIUM] CWE-200 CVE-2025-20129: A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), form A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could

CVE-2019-1668 [MEDIUM] CWE-79 CVE-2019-1668: A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP requ

CVE-2018-15435 [MEDIUM] CWE-79 CVE-2018-15435: A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenti A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an af

CVE-2017-6779 [HIGH] CWE-399 CVE-2017-6779: Multiple Cisco products are affected by a vulnerability in local file management for certain system Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maxi

CVE-2018-0290 [MEDIUM] CWE-399 CVE-2018-0290: A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacke A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affected application. An attacker could exploit this vulnerability by sending a malicious TCP packet to

CVE-2017-6702 [MEDIUM] CWE-79 CVE-2017-6702: A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote att A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCve15285. Known Affected Releases: 11.5(1).

CVE-2015-6356 [MEDIUM] CWE-79 CVE-2015-6356: Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows rem Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212.