Vulnerability Description
Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | SPA 301 1 Line IP Phone | All versions |
| Cisco | SPA 303 3 Line IP Phone | All versions |
| Cisco | SPA 501G 8-Line IP Phone | All versions |
| Cisco | SPA 502G 1-Line IP Phone | All versions |
| Cisco | SPA 504G 4-Line IP Phone | All versions |
| Cisco | SPA 508G 8-Line IP Phone | All versions |
| Cisco | SPA 509G 12-Line IP Phone | All versions |
| Cisco | SPA 512G 1-Line IP Phone | All versions |
| Cisco | SPA 514G 4-Line IP Phone | All versions |
| Cisco | SPA 525G 5-Line IP Phone | All versions |
| Cisco | SPA 525G2 5-Line IP Phone | All versions |
| Cisco | SPA901 1-Line IP Phone | All versions |
| Cisco | SPA922 1-Line IP Phone With 1-Port Ethernet | All versions |
| Cisco | SPA941 4-Line IP Phone With 1-Port Ethernet | All versions |
| Cisco | SPA942 4-Line IP Phone With 2-Port Switch | All versions |
| Cisco | SPA962 6-Line IP Phone With 2-Port Switch | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/59808
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313 (Vendor Advisory)
- http://tools.cisco.com/security/center/viewAlert.x?alertId=34885 (Vendor Advisory)
- http://www.securityfocus.com/bid/68464
- http://www.securitytracker.com/id/1030553
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94422
FAQ
What is CVE-2014-3313?
CVE-2014-3313 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, ak...
How severe is CVE-2014-3313?
CVE-2014-3313 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-3313?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco SPA 301 1 Line IP Phone, Cisco SPA 303 3 Line IP Phone, Cisco SPA 501G 8-Line IP Phone, Cisco SPA 502G 1-Line IP Phone, Cisco SPA 504G 4-Line IP Phone.