21 matches found
CVE-2021-31584
Sipwise C5 NGCP wwwcsc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges...
CVE-2024-28344
An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL...
CVE-2024-28344
An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL...
CVE-2024-28344
An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL...
CVE-2024-28344
CVE-2024-28344: Open Redirect vulnerability in Sipwise C5 NGCP Dashboard before mr11.5.1. The issue allows an attacker to manipulate the back parameter via a double-encoded URL. Impact is low in CVSS terms per provided metrics, and exploitation would require user interaction. Remediation: update ...
CVE-2024-28345
An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visit the URL...
CVE-2024-28345
An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visit the URL...
PT-2024-22399 · Sipwise · Sipwise C5 Ngcp Dashboard
Name of the Vulnerable Software and Affected Versions: Sipwise C5 NGCP Dashboard versions prior to mr11.5.1 Description: An issue in Sipwise C5 NGCP Dashboard allows a low-privileged user to access the "Journal endpoint" by directly visiting the URL. Recommendations: For versions prior to mr11.5....
CVE-2024-28345
Sipwise C5 NGCP Dashboard (versions prior to mr11.5.1) is affected by CVE-2024-28345, where a low-privileged user can access the Journal endpoint by directly visiting its URL. The vulnerability reference across sources indicates insufficient access control/endpoint exposure that allows direct URL...
Sipwise C5 NGCP CSC Cross-Site Scripting Vulnerability
Sipwise C5 NGCP CSC is an application system from Sipwise Austria. A core system for unified communications solutions. A cross-site scripting vulnerability exists in Sipwise C5 NGCP CSC CEm39.3.1 version and prior versions, which stems from input passed via several parameters to several scripts...
Sipwise C5 NGCP CSC Cross-Site Request Forgery Vulnerability
Sipwise C5 NGCP CSC is an application system from Sipwise Austria. A core system for unified communications solutions. A cross-site request forgery vulnerability exists in Sipwise C5 NGCP CSC 3.6.7, which can be exploited by an attacker for cross-site request forgery...
CVE-2021-31583
Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in...
CVE-2021-31584
Sipwise C5 NGCP wwwcsc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges...
Cross site scripting
Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in...
Cross site request forgery (csrf)
Sipwise C5 NGCP wwwcsc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges...
CVE-2021-31584
Sipwise C5 NGCP wwwcsc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges...
CVE-2021-31583
Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in...
Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities
Summary Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide rich telephony services. It offers a wide range of features e.g. call forwarding, voicemail, conferencing etc. that can be...
Sipwise C5 NGCP CSC CSRF Click2Dial Exploit
Summary Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide rich telephony services. It offers a wide range of features e.g. call forwarding, voicemail, conferencing etc. that can be...
Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
Exploit Title: Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery CSRF Date: 13.04.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC CSRF Click2Dial Exploit Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version:...