Vulnerabilities > Cisco > Spa514G Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-03 | CVE-2023-20181 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. | 6.1 |
| 2023-08-03 | CVE-2023-20218 | Cross-site Scripting vulnerability in Cisco products A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. | 6.1 |
| 2019-07-17 | CVE-2019-1923 | Improper Input Validation vulnerability in Cisco products A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. | 6.6 |