Products
Innovaphone myPBX
- 14r1
- 13r3
- 12r2
Source
cve@mitre.org
Tags
CVE-2024-28722 details
Published : April 22, 2024, 1:15 a.m.
Last Modified : April 22, 2024, 1:28 p.m.
Last Modified : April 22, 2024, 1:28 p.m.
Description
Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| http://innovaphone.com | cve@mitre.org |
| http://mypbx.com | cve@mitre.org |
| https://wiki.innovaphone.com/index.php?title=Reference14r1:Release_Notes_Firmware#159317_-_Advanced_UI:_Prevent_XSL_injection | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.