Vulnerabilities > Cisco > Sg500X 24Mpp Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-28 CVE-2023-20188 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input.
network
low complexity
cisco CWE-79
4.8
2022-09-27 CVE-2021-27853 Authentication Bypass by Spoofing vulnerability in multiple products
Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.
low complexity
ieee ietf cisco CWE-290
4.7
2021-11-04 CVE-2021-40127 Improper Input Validation vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to render the web-based management interface unusable, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
5.3