Stored XSS Vulnerability in Cisco BroadWorks Management Interface
CVE-2024-20270

5.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Broadworks
Vendor: CVE Published:; 17 January 2024

Badges

👾 Exploit Exists

What is CVE-2024-20270?

A stored cross-site scripting vulnerability exists in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform due to improper validation of user input. An authenticated, remote attacker could exploit this vulnerability by persuading a user to click on a specially crafted link, potentially executing arbitrary scripts within the context of the affected interface. This could lead to unauthorized access to sensitive information stored in the browser, posing a security risk to users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco BroadWorks 24.0 ap375672

Cisco BroadWorks 24.0 ap375655

Cisco BroadWorks 24.0 ap376979

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit known to exist
Jun 2, 2025
Vulnerability published
Jan 17, 2024
Vulnerability Reserved
Nov 8, 2023

JSON

Cisco