Cisco IP Phone is a hardware device from the American company Cisco (Cisco). IP Phone that provides calling capabilities. Cisco IP Phones suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the web-based management interface, which can be exploited by an attacker to execute arbitrary web script or HTML by injecting a carefully crafted payload.