Cisco SPA112 2-Port Phone Adapter Stored Cross-Site Scripting Vulnerability
Description
A vulnerability in the web-based interface of the Cisco SPA112 2-Port Phone Adapter could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the device. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by inserting malicious code in one of the configuration fields. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated stored XSS in Cisco SPA112 web interface allows arbitrary script execution in another user's browser.
Vulnerability
The Cisco SPA112 2-Port Phone Adapter web-based interface contains a stored cross-site scripting (XSS) vulnerability due to insufficient validation of user-supplied input in configuration fields. This affects devices running software releases earlier than Release 1.4.1SR4 [1].
Exploitation
An authenticated, remote attacker can exploit this vulnerability by inserting malicious script code into one of the configuration fields. When another authenticated user accesses the web interface, the injected script executes in the context of that user's session [1].
Impact
Successful exploitation allows the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information, such as session tokens or credentials [1].
Mitigation
Cisco has released software update Release 1.4.1SR4 to address this vulnerability. No workarounds are available; upgrading to the fixed version is required [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), range: unspecified
Patches
No patches discovered yet.
References
[1] tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-spa112-xss (mitre, vendor-advisory, x_refsource_CISCO)