Unrated severityNVD Advisory· Published Apr 23, 2021· Updated Aug 3, 2024

CVE-2021-31583

Description

Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in callforward/time/set/save (POST tsetname); Reflected XSS in addressbook (GET filter); Stored XSS in addressbook/save (POST firstname, lastname, company); and Reflected XSS in statistics/versions (GET lang).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Sipwise/C5 NGCP WWW Admindescription
Sipwise/C5 NGCP www_cscllm-fuzzy
Range: <= platform version NGCP CE 3.0

Patches

Vulnerability mechanics

References

lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/2021-September/014708.htmlmitrex_refsource_MISC
packetstormsecurity.com/files/162316/Sipwise-C5-NGCP-CSC-Cross-Site-Scripting.htmlmitrex_refsource_MISC
www.sipwise.commitrex_refsource_MISC
www.zeroscience.mk/en/vulnerabilitiesmitrex_refsource_MISC
www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5648.phpmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000