Lucene search
PRIOn knowledge basePRION:CVE-2014-3428HistoryJun 16, 2014 - 6:55 p.m.
Cross site scripting
2014-06-1618:55:00
PRIOn knowledge base
www.prio-n.com
1
6.2 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
68.4%
Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet.
| CPE | Name | Operator | Version |
|---|---|---|---|
| voip_phone | eq | 28.2.0.128.0.0.0 | |
| voip_phone_firmware | eq | 28.72.0.2 |
Related
cve
cve
CVE-2014-3428
2014-06-16 18:55:00
cvelist
cvelist
CVE-2014-3428
2014-06-16 18:00:00
packetstorm
packetstorm
Yealink VoIP Phones XSS / CRLF Injection
2014-06-13 00:00:00
securityvulns
securityvulns
Yealink VoIP phones security vulnerabilities
2014-06-13 00:00:00
6.2 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
68.4%
Related for PRION:CVE-2014-3428