Stored Cross-Site Scripting Vulnerability in Cisco Small Business Switches
CVE-2023-20188
Key Information:
- Vendor: Cisco
- CVE Published: 28 June 2023
Summary
A security flaw exists in the web-based management interface of several Cisco Small Business Switches that allows an authenticated attacker to conduct a stored cross-site scripting (XSS) attack. The vulnerability arises from insufficient validation of user-supplied input. By deceiving a victim into accessing a malicious page, an attacker can potentially run arbitrary scripts within the context of the management interface, which may lead to unauthorized data access and manipulation. Exploitation requires valid credentials for the management interface. Cisco has not issued any updates to rectify this issue.
Affected Version(s)
Cisco Small Business Smart and Managed Switches 1.0.0.16
Cisco Small Business Smart and Managed Switches 1.0.0.19
Cisco Small Business Smart and Managed Switches 1.0.0.27