CVE-2016-1476

Published: Aug 22, 2016Modified: May 6, 2026

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024.

Affected (1)

Products: Cisco: Ip Phone 8800 Series Firmware

Cisco

1 product

Ip Phone 8800 Series Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8800 Series Firmware	Version 11.0_base

Running on/with	Platform Versions
Cisco Ip Phone 8800	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-ip-phone-8800

Source: psirt@cisco.com

MitigationVendor Advisory

http://www.securityfocus.com/bid/92404

Source: psirt@cisco.com

http://www.securitytracker.com/id/1036595

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-ip-phone-8800

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

http://www.securityfocus.com/bid/92404

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036595

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.