CVE-2019-1827Cross-site Scripting in Cisco Small Business RV Series Router Firmware

CWE-79Cross-site Scripting6 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 51.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Small Business RV Series Router FirmwareCisco Rv320 FirmwareCisco Rv325 Firmware
Timeline
PublishedApr 4
Latest updateMay 13

Description

A vulnerability in the Online Help web service of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the service. The vulnerability exists because the Online Help web service of an affected device insufficiently validates user-supplied input. An attacker could exploit this vulnerability by persuading a user of the service to click a malicious link. A successfu

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

CVEListV5cisco/cisco_small_business_rv_series_router_firmwareunspecified1.4.2.22
NVDcisco/rv320_firmware< 1.4.2.22
NVDcisco/rv325_firmware< 1.4.2.22

🔴Vulnerability Details

2
GHSA
GHSA-82x3-cxj5-262m: A vulnerability in the Online Help web service of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, re2022-05-13
CVEList
Cisco Small Business RV320 and RV325 Routers Online Help Reflected Cross-Site Scripting Vulnerability2019-04-04

📋Vendor Advisories

1
Cisco
Cisco Small Business RV320 and RV325 Routers Online Help Reflected Cross-Site Scripting Vulnerability2019-04-04

🕵️Threat Intelligence

1
Tenable
Cisco Fixes Incomplete Patch for RV320 and RV325 Routers, Including Two New Bugs (CVE-2019-1827, CVE-2019-1828)2019-04-04
CVE-2019-1827 — Cross-site Scripting in Cisco | cvebase