Description
The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Wed, 08 Jul 2026 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage. | |
| Title | Poly Voice – Potential Unauthorized Modification of WebUI using XSS Attack | |
| First Time appeared |
Hp Inc.
Hp Inc. poly Ccx Hp Inc. poly Edge E Hp Inc. poly Trio C60 |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:h:hp_inc.:poly_ccx:*:*:*:*:*:*:*:* cpe:2.3:h:hp_inc.:poly_edge_e:*:*:*:*:*:*:*:* cpe:2.3:h:hp_inc.:poly_trio_c60:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Hp Inc.
Hp Inc. poly Ccx Hp Inc. poly Edge E Hp Inc. poly Trio C60 |
|
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: hp
Published:
Updated: 2026-07-08T21:39:06.676Z
Reserved: 2026-04-08T21:33:29.346Z
Link: CVE-2026-5922
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')