CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-16220

Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name sent to the device from the domain controller.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.6%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_AudioCodes_405HD.pdf
https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_AudioCodes_405HD.pdf

Products affected by CVE-2018-16220

Audiocodes » 405hd » Version: N/A

cpe:2.3:h:audiocodes:405hd:-
Audiocodes » 405hd Firmware » Version: 2.2.12

cpe:2.3:o:audiocodes:405hd_firmware:2.2.12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-16220

Products

Pricing

Contact Us