Vulnerability Details CVE-2024-20362
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.5%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2024-20362
-
cpe:2.3:h:cisco:rv016:-
-
cpe:2.3:h:cisco:rv042:-
-
cpe:2.3:h:cisco:rv042g:-
-
cpe:2.3:h:cisco:rv082:-
-
cpe:2.3:h:cisco:rv320:-
-
cpe:2.3:h:cisco:rv325:-
-
cpe:2.3:o:cisco:rv016_firmware:-
-
cpe:2.3:o:cisco:rv042_firmware:-
-
cpe:2.3:o:cisco:rv042g_firmware:-
-
cpe:2.3:o:cisco:rv082_firmware:-
-
cpe:2.3:o:cisco:rv320_firmware:-
-
cpe:2.3:o:cisco:rv325_firmware:-