CVE-2023-20019
A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
EPSS 0.76% · 73.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | broadworks_application_server | 0 |
| cisco | broadworks_application_delivery_platform | 0 |
| Cisco | Cisco BroadWorks | 24.0 ap375672, 24.0 ap379112, 24.0 ap376934 |
| cisco | broadworks_xtended_services_platform | 0 |
Exploit Intelligence
- cisco-sa-bw-xss-EzqDXqG4 (circl)
Timeline
- Jan 19, 2023 CVE Published
- Jan 20, 2023 EPSS Score
- Mar 2, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 22, 2023 EPSS Score
- Jul 1, 2023 EPSS Score
- Aug 11, 2023 EPSS Score
- Sep 20, 2023 EPSS Score
- Oct 31, 2023 EPSS Score
- Dec 10, 2023 EPSS Score
- Mar 1, 2024 EPSS Score
- Apr 10, 2024 EPSS Score