VYPR
Medium severity4.8NVD Advisory· Published Dec 6, 2018· Updated Jun 17, 2026

CVE-2018-19927

CVE-2018-19927

Description

Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.