Zenitel: >> Ip-Stationweb Security Vulnerabilities
Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-06
Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-06