Reflected Cross-Site Scripting in Cisco Small Business 300 Series Managed Switches
CVE-2018-0408

5.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Small Business 300 Series Managed Switches Unknown
Vendor: CVE Published:; 1 August 2018

Summary

A vulnerability exists in the web-based management interface of Cisco Small Business 300 Series Managed Switches, allowing an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack. This security issue arises from the inadequate validation of user inputs within the management interface. By tricking a user into clicking a maliciously crafted link, an attacker could execute arbitrary script code in the context of the management interface, potentially gaining access to sensitive information within the user's browser. This vulnerability highlights the importance of robust input validation mechanisms to safeguard against exploitation.

Affected Version(s)

Cisco Small Business 300 Series Managed Switches unknown Cisco Small Business 300 Series Managed Switches unknown

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104948

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 1, 2018
Vulnerability Reserved
Nov 27, 2017