CVE-2019-12718 — Cross-site Scripting in Cisco Small Business 200 Series Smart Switches

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 45.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

109

Cisco Small Business 200 Series Smart Switches Cisco Sf200-24 Firmware Cisco Sf200-24fp Firmware +106 more

Timeline

PublishedOct 16

Latest updateMay 24

Description

A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and subsequently access a specifi…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages109 packages

▶CVEListV5cisco/cisco_small_business_200_series_smart_switchesunspecified — n/a

▶NVDcisco/sf200-24_firmware< 1.4.11

▶NVDcisco/sf200-48_firmware< 1.4.11

▶NVDcisco/sf250-08_firmware< 2.5.0.90

▶NVDcisco/sf250-18_firmware< 2.5.0.90

🔴Vulnerability Details

GHSA

GHSA-f624-83vj-56hf: A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to condu↗2022-05-24

▶

CVEList

Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability↗2019-10-16

▶

📋Vendor Advisories

Cisco

Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability↗2019-10-16

▶