Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name sent to the device from the domain controller.
References
| Link | Resource |
|---|---|
| https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_AudioCodes_405HD.pdf | Mitigation, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-04-25T19:57:37
Updated: 2019-04-25T19:57:37
Reserved: 2018-08-30T00:00:00
Link: CVE-2018-16220
NVD Information
Status: Analyzed
Published: 2019-04-25T20:29:01.913
Modified: 2019-04-26T18:34:27.107
Link: CVE-2018-16220
Redhat Information
No data.
CWE