China National Vulnerability Database (CNVD): CNVD-2022-58228
Jul 07, 2022 - 12:00 a.m.

VICIdial Cross-Site Scripting Vulnerability

www.cnvd.org.cn

EPSS: 0.001 (percentile: 31.3%)

VICIdial is a software suite from Vicidial, Inc., designed to interact with the Asterisk open source PBX phone system as a complete inbound/outbound contact center suite with support for inbound email. Cross-site scripting vulnerabilities exist in versions prior to VICIdial 2.14b0.5. They stem from vicidial/AST_agent_time_sheet.php, where the search_archived_data parameter lacks data validation filtering for user-supplied data and output. An attacker could use this vulnerability to execute JavaScript code on the client side.
