[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99536

 
 

909

 
 

80128

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2016-1396

Date: (C)2016-08-25   (M)2017-12-06 


Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583.

CVSS Score: 4.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: PARTIAL
 Availability: NONE





Reference:
SECTRACK-1036114
20160615
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1

CPE    12
cpe:/o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.1.0.9
cpe:/o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.0.9
cpe:/o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.0.10
cpe:/o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.1.4
...
CWE    1
CWE-79

© 2013 SecPod Technologies