Reflected Cross-Site Scripting Vulnerability in Cisco Small Business Managed Switches
CVE-2017-12307

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Small Business 300 And 500 Series Managed Switches
Vendor: CVE Published:; 18 January 2018

Summary

A vulnerability exists in the web framework of Cisco Small Business Managed Switches that enables unauthorized attackers to execute reflected cross-site scripting (XSS) attacks. This flaw arises from inadequate input validation of parameters sent to the web server, allowing malicious actors to manipulate user requests. By luring a user into clicking a compromised link or by injecting code into requests, attackers can run arbitrary scripts within the web interface of affected systems. Successful exploitation could lead to unauthorized access to sensitive information stored in the user's browser, posing a significant risk to data integrity and user security.

Affected Version(s)

Cisco Small Business 300 and 500 Series Managed Switches Cisco Small Business 300 and 500 Series Managed Switches

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102718

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 18, 2018
Vulnerability Reserved
Aug 3, 2017