Описание
Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024.
Ссылки
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-ip-phone-8800MitigationVendor Advisory
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-ip-phone-8800MitigationVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0_base:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8800:-:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00189
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024.
EPSS
Процентиль: 41%
0.00189
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79