CVE-2018-16220

Published: Apr 25, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name sent to the device from the domain controller.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.sit.fraunhofer.de/fileadmin/dokumente/CVE/Advisory_AudioCodes_405HD.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-16220

Description

Affected Products

References