3.5
CVE-2012-1417
- EPSS 1.73%
- Veröffentlicht 17.09.2014 14:55:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Yealink ≫ Gigabit Color Ip Phone Sip-t32g Version-
Yealink ≫ Gigabit Color Ip Phone Sip-t38g Version-
Yealink ≫ Ip Phone Sip-t19p Version-
Yealink ≫ Ip Phone Sip-t20p Version-
Yealink ≫ Ip Phone Sip-t21p Version-
Yealink ≫ Ip Phone Sip-t22p Version-
Yealink ≫ Ip Phone Sip-t26p Version-
Yealink ≫ Ip Phone Sip-t28p Version-
Yealink ≫ Ip Video Phone Vp530 Version-
Yealink ≫ Ultra-elegant Ip Phone Sip-t41p Version-
Yealink ≫ Ultra-elegant Ip Phone Sip-t42g Version-
Yealink ≫ Ultra-elegant Ip Phone Sip-t46g Version-
Yealink ≫ Ultra-elegant Ip Phone Sip-t48g Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.73% | 0.747 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://archives.neohapsis.com/archives/bugtraq/2012-03/0056.html
http://packetstormsecurity.org/files/110320/yealink-xss.txt
http://secunia.com/advisories/48194
http://www.exploit-db.com/exploits/18540
http://www.osvdb.org/79675
http://www.securityfocus.com/bid/52209
https://exchange.xforce.ibmcloud.com/vulnerabilities/73573