CVE-2023-20019

Name of the Vulnerable Software and Affected Versions Cisco BroadWorks Application Server (affected versions not specified) Cisco BroadWorks Xtended Services Platform (affected versions not specified) Cisco BroadWorks Application Delivery Platform (affected versions not specified)

Description The issue exists due to insufficient protection of the web page structure in the web-based management interface. This could allow a remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is caused by the interface not properly validating user-supplied input. An attacker could exploit this by persuading a user to click a crafted link, potentially allowing the execution of arbitrary script code or access to sensitive browser-based information.

Recommendations For Cisco BroadWorks Application Server, update to a version that properly validates user-supplied input. For Cisco BroadWorks Xtended Services Platform, ensure the web-based management interface is configured to validate user input correctly. For Cisco BroadWorks Application Delivery Platform, consider implementing additional validation for user-supplied input in the web-based management interface as a temporary workaround until a patch is available.