A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
References
| Link | Resource |
|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
History
25 Jan 2024, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-80 |
09 Aug 2023, 15:35
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
| CWE | CWE-79 | |
| First Time |
Cisco spa504g
Cisco spa525g2 Firmware Cisco spa512g Firmware Cisco spa525g Firmware Cisco spa504g Firmware Cisco spa500ds Cisco spa500s Cisco spa502g Cisco Cisco spa509g Firmware Cisco spa514g Cisco spa501g Firmware Cisco spa502g Firmware Cisco spa512g Cisco spa525g Cisco spa500s Firmware Cisco spa501g Cisco spa525 Cisco spa508g Cisco spa508g Firmware Cisco spa525 Firmware Cisco spa509g Cisco spa525g2 Cisco spa514g Firmware Cisco spa500ds Firmware |
|
| References | (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F - Vendor Advisory | |
| CPE | cpe:2.3:o:cisco:spa501g_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:spa509g:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:spa514g_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:spa500ds_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:spa502g:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:spa525g2:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:spa508g_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:spa501g:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:spa512g:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:spa509g_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:spa504g:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:spa500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:spa525:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:spa500s:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:spa500ds:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:spa525_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:spa502g_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:spa512g_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:spa525g_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:spa525g:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:spa508g:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:spa504g_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:spa514g:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:spa525g2_firmware:-:*:*:*:*:*:*:* |
03 Aug 2023, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-03 22:15
Updated : 2024-01-25 17:15
NVD link : CVE-2023-20181
Mitre link : CVE-2023-20181
CVE.ORG link : CVE-2023-20181
JSON object : View
Products Affected
cisco
- spa500ds_firmware
- spa514g_firmware
- spa500s
- spa514g
- spa508g
- spa525g2
- spa509g_firmware
- spa502g
- spa501g_firmware
- spa504g_firmware
- spa504g
- spa500s_firmware
- spa508g_firmware
- spa525g2_firmware
- spa500ds
- spa501g
- spa509g
- spa512g
- spa512g_firmware
- spa502g_firmware
- spa525g_firmware
- spa525
- spa525g
- spa525_firmware