CVE-2019-16025

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

4.8MEDIUM

EPSS

0.2%

top 64.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Emergency Responder Cisco Cisco Emergency Responder

Timeline

PublishedSep 23

Latest updateMay 24

Description

A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to access a malicious link or by intercepting a user request for the affected web interfac…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶NVDcisco/emergency_responder12.5_su1

▶CVEListV5cisco/cisco_emergency_respondern/a

🔴Vulnerability Details

GHSA

GHSA-h52m-3w75-qf28: A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS↗2022-05-24

▶

CVEList

Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability↗2020-09-23

▶

📋Vendor Advisories

Cisco

Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability↗2020-01-08

▶