Cisco BroadWorks Application Delivery Platform, Application Server, and Xtended Services Platform Cross-Site Scripting Vulnerability Key Information Severity: Medium Advisory ID: cisco-sa-bw-xss-EzqDXqG4 CVE ID: CVE-2023-20019 CWE: CWE-79 CVSS Score: 6.1 Cisco Bug ID: CSCwd48645 Summary A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. Affected Products BroadWorks Application Delivery Platform BroadWorks Application Server BroadWorks Xtended Services Platform Workarounds No workarounds are available. Fixed Software Customers are advised to regularly consult the advisories for Cisco products to determine exposure and a complete upgrade solution. Fixed releases are listed in the advisory. Exploitation and Public Announcements No public announcements or malicious use of the vulnerability is known at the time of publication. Source This vulnerability was found during the resolution of a Cisco TAC support case.