CVE-2024-28722

April 22, 2024, 1:28 p.m.

None
No Score

Description

Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint

Product(s) Impacted

Product Versions
Innovaphone myPBX
  • ['14r1', '13r3', '12r2']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

http://innovaphone.com
http://mypbx.com
https://wiki.innovaphone.com/index.php?title=Reference14r1:Release_Notes_Firmware#159317_-_Advanced_UI:_Prevent_XSL_injection

Tags

Timeline

Published: April 22, 2024, 1:15 a.m.
Last Modified: April 22, 2024, 1:28 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.