Cross-Site Scripting Vulnerability in Cisco Small Business Phones
CVE-2014-3313

Currently unrated

Key Information:

Vendor: Cisco
Status: Spa 512g 1-line Ip Phone; Spa941 4-line Ip Phone With 1-port Ethernet; Spa 504g 4-line Ip Phone; Spa 525g 5-line Ip Phone
Vendor: CVE Published:; 9 July 2014

Summary

A cross-site scripting (XSS) vulnerability exists in the web user interface of Cisco Small Business SPA300 and SPA500 series phones. This vulnerability enables remote attackers to inject arbitrary script or HTML content into affected devices through a specially crafted URL. If exploited, this flaw can lead to unauthorized actions performed on behalf of users accessing the UI of these phones.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1030553

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/68464

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jul 9, 2014
Vulnerability Reserved
May 7, 2014