A vulnerability in the web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to modify a web page in the context of a user's browser.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks.
Cisco will not release software updates that address this vulnerability.
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as “<”, “>”, and “&” that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Spa500ds_firmware | Cisco | - (including) | - (including) |