Cross-Site Scripting Vulnerability in Cisco IP Phone 8800 Series
CVE-2016-1476

5.4MEDIUM

Key Information:

Vendor
Cisco
Status
Ip Phone 8800 Series Firmware
Vendor
CVE Published:
22 August 2016

Summary

The vulnerability enables remote authenticated users on Cisco IP Phone 8800 devices with software version 11.0 to inject arbitrary web scripts or HTML through specially crafted parameters. This could lead to potential exploitation, allowing attackers to manipulate web content within the affected devices, thereby impacting the integrity of user information and overall security. For more details, see Cisco's advisory and security resources.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/bid/92404
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1036595
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.