CVE-2016-1396Cross-site Scripting in Cisco Rv110w Wireless-n VPN Firewall Firmware

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 51.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Rv110w Wireless-n VPN Firewall FirmwareCisco Rv130w Wireless-n Multifunction VPN Router FirmwareCisco Rv215w Wireless-n VPN Router Firmware
Timeline
PublishedJun 19
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-2359-9wr6-w9cg: Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 12022-05-17
CVEList
CVE-2016-1396: Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 12016-06-19

📋Vendor Advisories

1
Cisco
Cisco RV110W, RV130W, and RV215W Routers Cross-Site Scripting Vulnerability2016-06-15
CVE-2016-1396 — Cross-site Scripting in Cisco | cvebase