CVE-2023-20181 (spa500ds_firmware, spa500s_firmware, spa501g_firmware, spa502g_firmware, spa504g_firmware, spa508g_firmware, spa509g_firmware, spa512g_firmware, spa514g_firmware, spa525_firmware, spa525g_firmware, spa525g2_firmware)

A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access …

attacks business cisco cve input interface ip phones management phones series software the web validation vulnerability web xss