Cisco BroadWorks Hosted Thin Receptionist XSS Vulnerability (CVE-2022-20948) Advisory

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Name: Cisco BroadWorks Hosted Thin Receptionist Cross-Site Scripting Vulnerability - Vulnerability ID: cisco-sa-bw-thinrcpt-xss-gSj4CecU - CVE Number: CVE-2022-20948 - CWE Number: CWE-79 - CVSS Score: Base 5.4 2. Affected Product: - Cisco BroadWorks Hosted Thin Receptionist 3. Vulnerability Type: - Type: Cross-Site Scripting (XSS) - Description: Due to insufficient input validation, remote attackers can exploit this vulnerability to perform cross-site scripting attacks. 4. Vulnerability Impact: - Impact: Allows attackers to execute arbitrary script code or access sensitive information. 5. Remediation: - Fix Released: Cisco has released software updates to address this vulnerability. - Workaround: No workaround is available. 6. Affected Software Versions: - Affected Versions: 22.0 and earlier - Fixed Version: 22.0.2022.08 7. Security Policy: - Security Vulnerability Disclosure Policy: Link to Cisco’s vulnerability disclosure policy page. 8. User Feedback: - Users can provide additional feedback. 9. Source: - The vulnerability was discovered during the resolution of a Cisco TAC support case. 10. Related Links: - Security Center: Link to Cisco Security Center page. - Security Notifications: Link to subscribe to security notifications. - Related Vulnerabilities: Link to other vulnerabilities related to this one. This information helps users understand the details of the vulnerability, the affected products and software versions, and how to obtain fixes and related documentation.

Goal Reached Thanks to every supporter — we hit 100%!

Cisco BroadWorks Hosted Thin Receptionist XSS Vulnerability (CVE-2022-20948) Advisory