CVE-2016-1471

CVE-2016-1471

EPSS 1.5%

Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz76232.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps1 http://www.securityfocus.com/bid/92713 http://www.securitytracker.com/id/1036723 http://www.synacktiv.com/ressources/advisories_cisco_switch_sg220_xss.pdf