Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in callforward/time/set/save (POST tsetname); Reflected XSS in addressbook (GET filter); Stored XSS in addressbook/save (POST firstname, lastname, company); and Reflected XSS in statistics/versions (GET lang).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-04-23T20:52:09
Updated: 2024-08-03T23:03:33.432Z
Reserved: 2021-04-22T00:00:00
Link: CVE-2021-31583
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-04-23T21:15:08.310
Modified: 2024-11-21T06:05:56.903
Link: CVE-2021-31583
Redhat
No data.