What is CVE-2023-20188?

CVE-2023-20188 is a medium-severity vulnerability in Cisco Small Business Smart And Managed Switches, classified under Improper Neutralization of Alternate XSS Syntax. CVSS score: 4.8/10. Published 2023-06-28.

How severe is CVE-2023-20188?

Medium severity. CVSS v3 base score is 4.8 out of 10.

Is CVE-2023-20188 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Cisco Small Business Smart And Managed Switches

CVE-2023-20188

A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authen…

EPSS: 0.001 (24.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N.

Affected products

Cisco Small Business Smart And Managed Switches — versions 1.0.0.16, 1.0.0.19, 1.0.0.27

Weakness classification (CWE)

CWE-87 — Improper Neutralization of Alternate XSS Syntax

Public proof-of-concept exploits

ahmedvienna/CVEs-and-Vulnerabilities

References

cisco-sa-smb-sxss-OPYJZUmE

Frequently asked questions

What is CVE-2023-20188?: CVE-2023-20188 is a medium-severity vulnerability in Cisco Small Business Smart And Managed Switches, classified under Improper Neutralization of Alternate XSS Syntax. CVSS score: 4.8/10. Published 2023-06-28.
How severe is CVE-2023-20188?: Medium severity. CVSS v3 base score is 4.8 out of 10.
Is CVE-2023-20188 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.