Vulnerabilities > Cisco > Broadworks Application Server > 23.0.2023.04

DATE CVE VULNERABILITY TITLE RISK
2023-08-03 CVE-2023-20204 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network
low complexity
cisco CWE-79
5.4
5.4
2023-08-03 CVE-2023-20216 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco products
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system.
local
low complexity
cisco CWE-732
7.8
7.8
2023-01-20 CVE-2023-20019 Cross-site Scripting vulnerability in Cisco Broadworks Xtended Services Platform
A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network
low complexity
cisco CWE-79
6.1
6.1