Cross site scripting

2021-06-1618:15:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.5%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.

CPENameOperatorVersion
sf220-24_firmwarelt1.2.0.6
sf220-24p_firmwarelt1.2.0.6
sf220-48_firmwarelt1.2.0.6
sf220-48p_firmwarelt1.2.0.6
sg220-26_firmwarelt1.2.0.6
sg220-26p_firmwarelt1.2.0.6
sg220-28mp_firmwarelt1.2.0.6
sg220-50_firmwarelt1.2.0.6
sg220-50p_firmwarelt1.2.0.6

Name	Operator	Version
sf220-24_firmware	lt	1.2.0.6
sf220-24p_firmware	lt	1.2.0.6
sf220-48_firmware	lt	1.2.0.6
sf220-48p_firmware	lt	1.2.0.6
sg220-26_firmware	lt	1.2.0.6
sg220-26p_firmware	lt	1.2.0.6
sg220-28mp_firmware	lt	1.2.0.6
sg220-50_firmware	lt	1.2.0.6
sg220-50p_firmware	lt	1.2.0.6