A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote malicious user to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the malicious user to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco spa500ds_firmware - |
||
cisco spa500s_firmware - |
||
cisco spa501g_firmware - |
||
cisco spa502g_firmware - |
||
cisco spa504g_firmware - |
||
cisco spa508g_firmware - |
||
cisco spa509g_firmware - |
||
cisco spa512g_firmware - |
||
cisco spa514g_firmware - |
||
cisco spa525_firmware - |
||
cisco spa525g_firmware - |
||
cisco spa525g2_firmware - |