CVE-2019-1827
published 2019-04-04CVE-2019-1827: A vulnerability in the Online Help web service of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote…
medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
A vulnerability in the Online Help web service of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the service. The vulnerability exists because the Online Help web service of an affected device insufficiently validates user-supplied input. An attacker could exploit this vulnerability by persuading a user of the service to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected service or access sensitive browser-based information.This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases prior to 1.4.2.22.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_small_business_rv_series_router_firmware | >= unspecified < 1.4.2.22 | 1.4.2.22 |
| cisco | rv320_firmware | < 1.4.2.22 | 1.4.2.22 |
| cisco | rv325_firmware | < 1.4.2.22 | 1.4.2.22 |
| cisco | small_business_rv320_and_rv325_routers_online_help_reflected | — | — |