Cisco TelePresence Management Suite Software Vulnerability Could Lead to Cross-Site Scripting Attacks
CVE-2023-20248

Currently unrated

Key Information:

Vendor: Cisco
Status: Cisco Telepresence Management Suite (tms)
Vendor: CVE Published:; 24 April 2024

Badges

👾 Exploit Exists

Summary

A vulnerability exists in the web-based management interface of the Cisco TelePresence Management Suite (TMS) Software, enabling authenticated, remote attackers to potentially carry out a cross-site scripting (XSS) attack. This issue arises from inadequate input validation within the management interface, which allows malicious data to be inserted into specific fields. If exploited, the attacker could execute arbitrary script code within the context of the affected interface or gain unauthorized access to sensitive information stored in the user's browser.

Affected Version(s)

Cisco TelePresence Management Suite (TMS)

References

https://sec.cloudapps.cisco.com/security/center/content/C...

Timeline

👾
Exploit known to exist
Aug 29, 2024
Vulnerability published
Apr 24, 2024
Vulnerability Reserved
Oct 27, 2022