CVE-2023-20181

Summary

A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Small Business IP Phones7.6.0affected
CiscoCisco Small Business IP Phones7.6.2affected
CiscoCisco Small Business IP Phones7.6.2SR3affected
CiscoCisco Small Business IP Phones7.6.2SR6affected
CiscoCisco Small Business IP Phones7.6.2SR2affected
CiscoCisco Small Business IP Phones7.6.2SR4affected
CiscoCisco Small Business IP Phones7.6.2SR1affected
CiscoCisco Small Business IP Phones7.6.2SR5affected
CiscoCisco Small Business IP Phones7.6.2SR7affected
CiscoCisco Small Business IP Phones7.6.1affected
CiscoCisco Small Business IP Phones7.3.7affected
CiscoCisco Small Business IP Phones7.5.5affected
CiscoCisco Small Business IP Phones7.5.6(XU)affected
CiscoCisco Small Business IP Phones7.5.2affected
CiscoCisco Small Business IP Phones7.5.2aaffected
CiscoCisco Small Business IP Phones7.5.7affected
CiscoCisco Small Business IP Phones7.5.3affected
CiscoCisco Small Business IP Phones7.5.6affected
CiscoCisco Small Business IP Phones7.5.2baffected
CiscoCisco Small Business IP Phones7.5.6caffected
CiscoCisco Small Business IP Phones7.5.6aaffected
CiscoCisco Small Business IP Phones7.5.7saffected
CiscoCisco Small Business IP Phones7.5.1affected
CiscoCisco Small Business IP Phones7.5.5aaffected
CiscoCisco Small Business IP Phones7.5.5baffected
CiscoCisco Small Business IP Phones7.5.4affected
CiscoCisco Small Business IP Phones7.4.7affected
CiscoCisco Small Business IP Phones7.4.4affected
CiscoCisco Small Business IP Phones7.4.8affected
CiscoCisco Small Business IP Phones7.4.3affected
CiscoCisco Small Business IP Phones7.4.9affected
CiscoCisco Small Business IP Phones7.4.6affected

Weaknesses

  • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

ADP Enrichment

CVE Program Container

Additional References

References