Vulnerabilities > Cisco > Sg300 20 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-28 CVE-2023-20188 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input.
network
low complexity
cisco CWE-79
4.8
2021-11-04 CVE-2021-40127 Improper Input Validation vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to render the web-based management interface unusable, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
5.3
2020-09-23 CVE-2019-15993 Improper Authentication vulnerability in Cisco products
A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information.
network
low complexity
cisco CWE-287
5.3
2020-08-26 CVE-2020-3496 Improper Input Validation vulnerability in Cisco products
A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-20
5.3
2019-10-16 CVE-2019-12718 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface.
network
low complexity
cisco CWE-79
6.1
2019-07-17 CVE-2019-1943 Open Redirect vulnerability in Cisco products
A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
network
low complexity
cisco CWE-601
6.1
2018-10-05 CVE-2018-0465 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business 300 Series Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected system.
network
low complexity
cisco CWE-79
6.1
2018-08-01 CVE-2018-0408 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
5.4
2018-08-01 CVE-2018-0407 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
5.4
2018-01-18 CVE-2017-12308 Unspecified vulnerability in Cisco products
A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system.
network
low complexity
cisco
6.1