Vulnerabilities > Cisco > Spa525G Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-03 CVE-2023-20181 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks.
network
low complexity
cisco CWE-79
6.1
2023-08-03 CVE-2023-20218 Cross-site Scripting vulnerability in Cisco products
A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software.
network
low complexity
cisco CWE-79
6.1