CVE-2011-2545

Cisco Spa8000 8-port IP Telephony Gateway Firmware < 6.1.10 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.

References (1)

[Vendor Advisory] http://tools.cisco.com/security/center/viewAlert.x?alertId=26037

Scores

EPSS 0.0039

EPSS Percentile 59.5%

Classification

CWE

CWE-79

Status published

Affected Products (31)

cisco/spa8000_8-port_ip_telephony_gateway_firmware < 6.1.10

cisco/spa8000_8-port_ip_telephony_gateway_firmware

cisco/spa8000_8-port_ip_telephony_gateway

cisco/spa8800_8-port_ip_telephony_gateway_firmware < 6.1.7

cisco/spa8800_ip_telephony_gateway

cisco/spa2102_phone_adapter_with_router_firmware < 5.2.12

cisco/spa2102_phone_adapter_with_router_firmware

cisco/spa2102_phone_adapter_with_router

cisco/spa3102_voice_gateway_with_router_firmware < 5.1.10

cisco/spa3102_voice_gateway_with_router_firmware

cisco/spa3102_voice_gateway_with_router

... and 16 more

Timeline

Published Jun 13, 2012

Tracked Since Feb 18, 2026