CVE-2022-20948 MEDIUM

CVE-2022-20948: Cisco BroadWorks Hosted Thin Receptionist Cross-Site Scripting Vulnerability

Vendor Cisco
Product Cisco BroadWorks
Weakness CWE-79 · XSS
Published November 15, 2024
Last update November 15, 2024
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the web management interface of Cisco BroadWorks Hosted Thin Receptionist could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Key dates

02Disclosure timeline

November 15, 2024 CVE published
November 15, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-14991 Campcodes Complete Online Beauty Parlor Management System bwdates-reports-details.php cross site scripting CVE-2024-54042 Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79) CVE-2021-24910 Transposh WordPress Translation < 1.0.8 - Reflected Cross-Site Scripting CVE-2019-25280 Yahei-PHP Prober 0.4.7 Remote HTML Injection via Speed Parameter CVE-2022-35275 WordPress Advanced Order Export For WooCommerce plugin <= 3.3.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability