Cross-Site Scripting Flaw in Cisco Small Business 220 Devices
CVE-2016-1471

6.1MEDIUM

Key Information:

Vendor
Cisco
Status
Small Business 220 Series Smart Plus Switches
Vendor
CVE Published:
2 September 2016

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the web-based management interface of Cisco Small Business 220 devices with firmware prior to version 1.0.1.1. This flaw allows remote attackers to inject arbitrary web scripts or HTML into the interface through specially crafted URLs. As a consequence, attackers may exploit this vulnerability to execute malicious scripts in the context of a user's session, leading to potential unauthorized actions or data exposure. Properly securing the management interface is essential to mitigate these risks.

References

http://www.securitytracker.com/id/1036723
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/92713
vdb-entryx_refsource_BID
http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.