CVE-2014-3313: XSS
First published: Wed Jul 09 2014(Updated: )
Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Spa 301 1 Line Ip Phone | ||
| Cisco Spa 303 3 Line Ip Phone | ||
| Cisco Spa 501g 8-line Ip Phone | ||
| Cisco Spa 502g 1-line Ip Phone | ||
| Cisco Spa 504g 4-line Ip Phone | ||
| Cisco Spa 508g 8-line Ip Phone | ||
| Cisco Spa 509g 12-line Ip Phone | ||
| Cisco Spa 512g 1-line Ip Phone | ||
| Cisco Spa 514g 4-line Ip Phone | ||
| Cisco Spa 525g 5-line Ip Phone | ||
| Cisco Spa 525g2 5-line Ip Phone | ||
| Cisco Spa901 1-line Ip Phone | ||
| Cisco Spa922 1-line Ip Phone With 1-port Ethernet | ||
| Cisco Spa941 4-line Ip Phone With 1-port Ethernet | ||
| Cisco Spa942 4-line Ip Phone With 2-port Switch | ||
| Cisco Spa962 6-line Ip Phone With 2-port Switch |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/59808
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313
- http://tools.cisco.com/security/center/viewAlert.x?alertId=34885
- http://www.securityfocus.com/bid/68464
- http://www.securitytracker.com/id/1030553
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94422
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cisco
- canonical/cisco spa 301 1 line ip phone
- canonical/cisco spa 303 3 line ip phone
- canonical/cisco spa 501g 8-line ip phone
- canonical/cisco spa 502g 1-line ip phone
- canonical/cisco spa 504g 4-line ip phone
- canonical/cisco spa 508g 8-line ip phone
- canonical/cisco spa 509g 12-line ip phone
- canonical/cisco spa 512g 1-line ip phone
- canonical/cisco spa 514g 4-line ip phone
- canonical/cisco spa 525g 5-line ip phone
- canonical/cisco spa 525g2 5-line ip phone
- canonical/cisco spa901 1-line ip phone
- canonical/cisco spa922 1-line ip phone with 1-port ethernet
- canonical/cisco spa941 4-line ip phone with 1-port ethernet
- canonical/cisco spa942 4-line ip phone with 2-port switch
- canonical/cisco spa962 6-line ip phone with 2-port switch