CVE-2024-28722
April 22, 2024, 1:28 p.m.
Tags
Product(s) Impacted
Innovaphone myPBX
- 14r1
- 13r3
- 12r2
Description
Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint
Weaknesses
Date
Published: April 22, 2024, 1:15 a.m.
Last Modified: April 22, 2024, 1:28 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@mitre.org
References
http://innovaphone.com/
cve@mitre.org
http://mypbx.com/
cve@mitre.org
https://wiki.innovaphone.com/
cve@mitre.org