Cross-Site Scripting Vulnerability in Cisco Small Business 300 Series Managed Switches
CVE-2018-0407

5.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Small Business 300 Series Managed Switches Unknown
Vendor: CVE Published:; 1 August 2018

Summary

A vulnerability in the web-based management interface of Cisco Small Business 300 Series Managed Switches enables authenticated attackers to conduct persistent cross-site scripting (XSS) attacks. This issue arises from insufficient validation of user-supplied input within the interface, allowing attackers to exploit it by enticing users to click on specially crafted links. Successful exploitation can lead to arbitrary script execution in the context of the management interface, giving attackers access to sensitive browser-based information.

Affected Version(s)

Cisco Small Business 300 Series Managed Switches unknown Cisco Small Business 300 Series Managed Switches unknown

References

http://www.securityfocus.com/bid/104947

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 1, 2018
Vulnerability Reserved
Nov 27, 2017