CVE-2018-19927

2018-12-06T23:29:00
ID CVE-2018-19927
Type cve
Reporter cve@mitre.org
Modified 2019-01-02T12:54:00

Description

Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases.