CVE-2019-16025

MEDIUM

Cisco Emergency Responder < 12.5_su1 - Authenticated Stored Cross-Site Scripting via Web Management Interface

Title source: llm
STIX 2.1

Description

A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into that request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web-based management interface or access sensitive, browser-based information.

References (1)

Core 1
Core References

Scores

CVSS v3 4.8
EPSS 0.0062
EPSS Percentile 45.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
cisco/emergency_responder < 12.5_su1
Published Sep 23, 2020
Tracked Since Feb 18, 2026