CVE-2014-3313

Currently unrated

Key Information:

Vendor: Cisco
Status: Spa 512g 1-line Ip Phone; Spa941 4-line Ip Phone With 1-port Ethernet; Spa 504g 4-line Ip Phone; Spa 525g 5-line Ip Phone
Vendor: CVE Published:; 9 July 2014

Summary

Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1030553

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/68464

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jul 9, 2014
Vulnerability Reserved
May 7, 2014