Shodan
Vulnerabilities
Vulnerable Software
Zenitel:  Security Vulnerabilities
CVE-2021-40845
The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.
CVSS Score
8.8
EPSS Score
0.27
Published
2021-09-15
CVE-2018-19926
Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-06
CVE-2018-19927
Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved