Cross-site Scripting Vulnerability in Cisco BroadWorks CommPilot Application Software
CVE-2023-20204

5.4 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 3 August 2023

Summary

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software allows an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The flaw stems from inadequate validation of user-supplied input; an attacker exploits it by persuading a user to click a crafted link. On successful exploitation, the attacker can execute arbitrary script code in the context of the affected interface or gain unauthorized access to sensitive, browser-based information. Organizations using this software should implement robust security measures to mitigate this risk.

Affected Version(s)

Cisco BroadWorks 24.0 ap375672

Cisco BroadWorks 24.0 ap375655

Cisco BroadWorks 24.0 ap376979

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
