Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Wireless Residential Gateway Stored Cross-Site Scripting Vulnerability

cisco-sa-20151208-wrg · Medium · Published · Updated

A vulnerability in the web-based management interface of the Cisco EPC3928 Wireless Residential Gateway could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation of user-supplied value and a lack of encoding of user-supplied data. An attacker could exploit this vulnerability by convincing a user to click on a malicious link. Additional information about XSS attacks and potential mitigations can be found at the following links: http://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)  Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-wrg

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2015-6402
Cisco Bug IDsCSCux24935
CVSS ScoreBase 4.3
Base 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:U/RC:C
Product Names From Source
Cisco Model EPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway with EDVA

Related Products

Product CVE Evidence
Cisco Model EPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway with EDVA CVE-2015-6402 Cisco OpenVuln