Loading
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.
Use CWE-79, Cisco vendor hub and Rv016 Firmware product page to widen CVE-2023-20151 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2023-20118, CVE-2024-20362 and CVE-2023-20150 for nearby disclosures in the same product family. Additional editorial context is available in The Weekly Cybersecurity Brief: January 30th, 2026.