The vulnerability in the web interface for controlling microprogrammed IP phones of the Cisco Small Business SPA500 series allows attackers to perform cross-site scripting attacks.

🗓️ 08 Aug 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

The SPA500 series web interface vulnerability allows remote cross-site scripting on Cisco Small Business IP phones.

Reporter	Title	Published	Views	Family All 10
Cisco	Cisco Small Business SPA500 Series IP Phones Web UI Vulnerabilities	19 Jul 202316:00	–	cisco
CNNVD	Cisco Small Business SPA500 Series IP Phones 跨站脚本漏洞	20 Jul 202300:00	–	cnnvd
CNVD	Cisco Small Business SPA500 Series IP Phones Cross-Site Scripting Vulnerability	24 Jul 202300:00	–	cnvd
CVE	CVE-2023-20181	3 Aug 202321:22	–	cve
Cvelist	CVE-2023-20181	3 Aug 202321:22	–	cvelist
EUVD	EUVD-2023-24360	3 Oct 202520:07	–	euvd
NVD	CVE-2023-20181	3 Aug 202322:15	–	nvd
Prion	Design/Logic Flaw	3 Aug 202322:15	–	prion
Positive Technologies	PT-2022-6770 · Cisco · Cisco Small Business Spa500 Series Ip Phones	27 Oct 202200:00	–	ptsecurity
RedhatCVE	CVE-2023-20181	23 May 202503:03	–	redhatcve

Source	Link
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2023072009
vuldb	www.vuldb.com/ru/
sec	www.sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F
web	www.web.nvd.nist.gov/view/vuln/detail

08 Aug 2023 00:00Current

6Medium risk

Vulners AI Score6

CVSS 36.1

CVSS 26.4

EPSS0.00192

spa500 series web interface vulnerability cross site scripting remote exploitation ip phones