CVE-2014-3313
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD
Description
Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.
Affected (16)
Products: Cisco: Spa901 1 Line Ip Phone, Spa922 1 Line Ip Phone With 1 Port Ethernet, Spa941 4 Line Ip Phone With 1 Port Ethernet, Spa942 4 Line Ip Phone With 2 Port Switch, Spa962 6 Line Ip Phone With 2 Port Switch, Spa 301 1 Line Ip Phone, Spa 303 3 Line Ip Phone, Spa 501g 8 Line Ip Phone, Spa 502g 1 Line Ip Phone, Spa 504g 4 Line Ip Phone, Spa 508g 8 Line Ip Phone, Spa 509g 12 Line Ip Phone, Spa 512g 1 Line Ip Phone, Spa 514g 4 Line Ip Phone, Spa 525g2 5 Line Ip Phone, Spa 525g 5 Line Ip Phone
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions |
References (12)
Source: psirt@cisco.com
Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.