CVE-2022-20948

CVSS V2 None CVSS V3 None

Description

A vulnerability in the web management interface of Cisco BroadWorks Hosted Thin Receptionist could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Overview

CVE ID
CVE-2022-20948

Assigner
cisco

Vulnerability Status
PUBLISHED

Published Version
2024-11-15T15:30:38.852Z

Last Modified Date
2024-11-15T15:46:22.454Z

Weakness Enumerations

CWE	URL
CWE-79	http://cwe.mitre.org/data/definitions/79.html

References

Reference URL	Reference Tags
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-DAV-HSvEHHEt

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-20948
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20948

History

Created	Old Value	New Value	Data Type	Notes
2024-11-16 12:15:25				Added to TrackCVE