Vulners
Lucene search
AudioCode 400HD Cross Site scripting
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | AudioCode 400HD Cross Site scripting Vulnerability | 12 Jan 201900:00 | – | zdt |
 | CVE-2018-10091 | 21 Mar 201917:36 | – | circl |
 | AudioCodes 400HD Cross-Site Scripting Vulnerability | 15 Jan 201900:00 | – | cnvd |
 | CVE-2018-10091 | 17 Mar 201917:00 | – | cve |
 | CVE-2018-10091 | 17 Mar 201917:00 | – | cvelist |
 | EUVD-2018-2173 | 7 Oct 202500:30 | – | euvd |
 | CVE-2018-10091 | 21 Mar 201916:00 | – | nvd |
 | Cross site scripting | 21 Mar 201916:00 | – | prion |
 | CVE-2018-10091 | 9 Jan 202612:17 | – | redhatcve |
`# [CVE-2018-10091] Stored XSS vulnerabilities in AudioCode IP phones
## Description
The AudioCodes 400HD series of IP phones is a range of easy-to-use,
feature-rich desktop devices for the service provider hosted services,
enterprise IP telephony and contact center markets.
Most of user inputs in the CGI interface are not protected against XSS
injections.
Theses vulnerabilities have only been tested on the 420HD phone.
## Vulnerability records
**CVE ID**: CVE-2018-10091
**Access Vector**: remote
**Security Risk**: medium
**Vulnerability**: CWE-79
**CVSS Base Score**: 5.5
**CVSS Vector String**:
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N/E:H/RC:C
## Details
The script `mainform.cgi` is vulnerable to multiple stored XSS
vulnerabilities.
For example, it is possible to add the following string :
```html
<script>alert("XSS")</script>
```
within any field (`Name`, `Office`, `Home` or `Mobile`) on the
`Directory` page (used to add contacts). This will trigger JavaScript
code execution in the browser.
The payload gets stored and remains active in the page.
All forms on the web application, where the user input is printed on the
page, seem to be vulnerable.
Note that the vulnerable page is only available to authenticated users
(in possession of the admin configuration password).
## Timeline (dd/mm/yyyy)
* 06/03/2018 : Initial discovery
* 17/04/2018 : Vendor contact
* 17/05/2018 : Vendor technical team aknowledgment
* 15/08/2018 : Vendor submit a private 2.2.16.128 pre-release that,
according to our test, did not mitigate the issue.
* 10/01/2019 : Public disclosure
## Fixes
AudioCodes allegedly fixed the issue in version 2.2.16.128.
## Affected versions
Theses vulnerabilities have only been tested on the 420HD phone
(firmware version: 2.2.12.126).
## Credits
a.baube at sysdream dot com
--
SYSDREAM Labs <[email protected]>
GPG :
47D1 E124 C43E F992 2A2E
1551 8EB4 8CD9 D5B2 59A1
* Website: https://sysdream.com/
* Twitter: @sysdream
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Jan 2019 00:00Current
5.2Medium risk
Vulners AI Score5.2
EPSS0.00229