Vulnerabilities > Cisco > Spa525G2 Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-08-03 CVE-2023-20181 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks.
network
low complexity
cisco CWE-79
6.1
2023-08-03 CVE-2023-20218 Cross-site Scripting vulnerability in Cisco products
A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software.
network
low complexity
cisco CWE-79
6.1
2019-07-17 CVE-2019-1923 Improper Input Validation vulnerability in Cisco products
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device.
low complexity
cisco CWE-20
6.6