CVE-2024-20362

CWE-806 documents5 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 51.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Small Business RV Series Router Firmware

Timeline

PublishedApr 3

Description

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads. A successful ex…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5cisco/cisco_small_business_rv_series_router_firmware27 versions+26

🔴Vulnerability Details

GHSA

GHSA-cjq2-28pq-mq54: A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an una↗2024-04-03

▶

CVEList

CVE-2024-20362: A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an una↗2024-04-03

▶

📋Vendor Advisories

Cisco

Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerability↗2024-04-03

▶