Cross site scripting

2023-08-0322:15:00

PRIOn knowledge base

www.prio-n.com

cisco broadworks

web-based management

cross-site scripting

xss attack

input validation

0.001 Low

EPSS

Percentile

20.9%

JSON

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

CPENameOperatorVersion
broadworks_application_delivery_platformeq< ri.2023.6
broadworks_application_serverlt2023.06
broadworks_application_serverlt23.0.2023.08
broadworks_application_serverge24.0
broadworks_application_serverlt24.0.2023.08
broadworks_xtended_services_platformlt23.0.2023.08

Name	Operator	Version
broadworks_application_delivery_platform	eq	< ri.2023.6
broadworks_application_server	lt	2023.06
broadworks_application_server	lt	23.0.2023.08
broadworks_application_server	ge	24.0
broadworks_application_server	lt	24.0.2023.08
broadworks_xtended_services_platform	lt	23.0.2023.08