VYPR

IP-StationWeb

by Zenitel

CVEs (2)

  • CVE-2018-19926MedDec 6, 2018
    risk 0.40cvss 6.1epss 0.01

    Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO.

  • CVE-2018-19927MedDec 6, 2018
    risk 0.31cvss 4.8epss 0.01

    Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases.