Vulnerabilities > Cisco > Spa525 Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-08-03 CVE-2023-20181 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks.
network
low complexity
cisco CWE-79
6.1
2023-08-03 CVE-2023-20218 Cross-site Scripting vulnerability in Cisco products
A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software.
network
low complexity
cisco CWE-79
6.1
2019-02-25 CVE-2019-1683 Improper Certificate Validation vulnerability in Cisco products
A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation.
network
high complexity
cisco CWE-295
7.4