Cross site scripting

2019-10-1619:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

29.2%

JSON

A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

CPENameOperatorVersion
spa112_firmwarelt1.4.1
spa112_firmwareeq1.4.1
spa112_firmwareeq1.4.1 sr1
spa112_firmwareeq1.4.1 sr2
spa112_firmwareeq1.4.1 sr3
spa122_firmwarelt1.4.1
spa122_firmwareeq1.4.1
spa122_firmwareeq1.4.1 sr1
spa122_firmwareeq1.4.1 sr2
spa122_firmwareeq1.4.1 sr3

Name	Operator	Version
spa112_firmware	lt	1.4.1
spa112_firmware	eq	1.4.1
spa112_firmware	eq	1.4.1 sr1
spa112_firmware	eq	1.4.1 sr2
spa112_firmware	eq	1.4.1 sr3
spa122_firmware	lt	1.4.1
spa122_firmware	eq	1.4.1
spa122_firmware	eq	1.4.1 sr1
spa122_firmware	eq	1.4.1 sr2
spa122_firmware	eq	1.4.1 sr3