CVE-2020-3431 — Cross-site Scripting in Cisco Small Business RV Series Router Firmware

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 74.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Small Business RV Series Router Firmware

Timeline

PublishedNov 18

Description

A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and Cisco Small Business RV042G Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploi…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5cisco/cisco_small_business_rv_series_router_firmwareN/A

🔴Vulnerability Details

CVEList

Cisco Small Business RV Series Routers Cross-Site Scripting Vulnerability↗2024-11-18

▶

GHSA

GHSA-x469-9qwg-89hw: A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and Cisco Small Business RV042G Dual Gigabit↗2024-11-18

▶

📋Vendor Advisories

Cisco

Cisco Small Business RV042 and RV042G Routers Cross-Site Scripting Vulnerability↗2020-07-01

▶