CVE-2016-1471

Published: Sep 2, 2016Modified: May 6, 2026

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz76232.

Affected (3)

Products: Cisco: Small Business 220 Series Smart Plus Switches

1 product

Small Business 220 Series Smart Plus Switches

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Cisco Small Business 220 Series Smart Plus Switches	Version 1.0.0.17
Cisco Small Business 220 Series Smart Plus Switches	Version 1.0.0.18
Cisco Small Business 220 Series Smart Plus Switches	Version 1.0.0.19

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps1

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/92713

Source: psirt@cisco.com

http://www.securitytracker.com/id/1036723

Source: psirt@cisco.com

http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_xss.pdf

Source: psirt@cisco.com

ExploitThird Party Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps1

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/92713

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036723

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_xss.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.