Zenitel Norway IP-StationWeb before ... CVE-2018-19927

- AV AC AU C I A
发布: 2018-12-06
修订: 2018-12-11

Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases.

0%
暂无可用Exp或PoC
产品及版本信息(CPE)暂不可用