Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name sent to the device from the domain controller.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-04-25T19:57:37
Updated: 2024-08-05T10:17:38.387Z
Reserved: 2018-08-30T00:00:00
Link: CVE-2018-16220
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-04-25T20:29:01.913
Modified: 2024-11-21T03:52:18.473
Link: CVE-2018-16220
Redhat
No data.