CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-31583

Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in callforward/time/set/save (POST tsetname); Reflected XSS in addressbook (GET filter); Stored XSS in addressbook/save (POST firstname, lastname, company); and Reflected XSS in statistics/versions (GET lang).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.1%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/2021-September/014708.html
http://packetstormsecurity.com/files/162316/Sipwise-C5-NGCP-CSC-Cross-Site-Scripting.html
https://www.sipwise.com
https://www.zeroscience.mk/en/vulnerabilities
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5648.php
http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/2021-September/014708.html
http://packetstormsecurity.com/files/162316/Sipwise-C5-NGCP-CSC-Cross-Site-Scripting.html
https://www.sipwise.com
https://www.zeroscience.mk/en/vulnerabilities
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5648.php

Products affected by CVE-2021-31583

Sipwise » Next Generation Communication Platform » Version: 3.6.7

cpe:2.3:a:sipwise:next_generation_communication_platform:3.6.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-31583

Products

Pricing

Contact Us