CVE-2014-3313
Cisco Small Business SPA300/SPA500 Series IP Phones are affected by CVE-2014-3313: an XSS in the web UI allows remote attackers to inject arbitrary script via a crafted URL due to insufficient input validation. Impact is limited to the affected devices’ web interface; Cisco and CERT advisories in...