CVE-2019-1956

Name of the Vulnerable Software and Affected Versions Cisco SPA112 2-Port Phone Adapter (affected versions not specified)

Description The issue is related to insufficient validation of user-supplied input by the web-based interface of the affected device, allowing an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the device. An attacker could exploit this by inserting malicious code in one of the configuration fields, potentially executing arbitrary script code in the context of the affected interface or accessing sensitive, browser-based information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.