24 matches found
CVE-2021-31584
Sipwise C5 NGCP wwwcsc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges...
CVE-2024-28344
An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL...
CVE-2024-28344
An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL...
CVE-2024-28345
An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visit the URL...
CVE-2024-28344
An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL...
CVE-2024-28345
An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visit the URL...
CVE-2024-28344
CVE-2024-28344: Open Redirect vulnerability in Sipwise C5 NGCP Dashboard before mr11.5.1. The issue allows an attacker to manipulate the back parameter via a double-encoded URL. Impact is low in CVSS terms per provided metrics, and exploitation would require user interaction. Remediation: update ...
PT-2024-22399 · Sipwise · Sipwise C5 Ngcp Dashboard
Name of the Vulnerable Software and Affected Versions: Sipwise C5 NGCP Dashboard versions prior to mr11.5.1 Description: An issue in Sipwise C5 NGCP Dashboard allows a low-privileged user to access the "Journal endpoint" by directly visiting the URL. Recommendations: For versions prior to mr11.5....
CVE-2024-28345
Sipwise C5 NGCP Dashboard (versions prior to mr11.5.1) is affected by CVE-2024-28345, where a low-privileged user can access the Journal endpoint by directly visiting its URL. The vulnerability reference across sources indicates insufficient access control/endpoint exposure that allows direct URL...
PT-2024-22398 · Sipwise · Sipwise C5 Ngcp Dashboard
Name of the Vulnerable Software and Affected Versions: Sipwise C5 NGCP Dashboard versions prior to mr11.5.1 Description: An Open Redirect issue was found, allowing attackers to control the back parameter in the URL through a double encoded URL. This enables attackers to redirect users to unintend...
Sipwise C5 NGCP CSC Cross-Site Request Forgery Vulnerability
Sipwise C5 NGCP CSC is an application system from Sipwise Austria. A core system for unified communications solutions. A cross-site request forgery vulnerability exists in Sipwise C5 NGCP CSC 3.6.7, which can be exploited by an attacker for cross-site request forgery...
Sipwise C5 NGCP CSC Cross-Site Scripting Vulnerability
Sipwise C5 NGCP CSC is an application system from Sipwise Austria. A core system for unified communications solutions. A cross-site scripting vulnerability exists in Sipwise C5 NGCP CSC CEm39.3.1 version and prior versions, which stems from input passed via several parameters to several scripts...
CVE-2021-31584
Sipwise C5 NGCP wwwcsc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges...
CVE-2021-31583
Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in...
Cross site request forgery (csrf)
Sipwise C5 NGCP wwwcsc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges...
Cross site scripting
Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in...
CVE-2021-31584
Sipwise C5 NGCP wwwcsc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges...
CVE-2021-31584
CVE-2021-31584 affects Sipwise C5 NGCP CSC; CSRF allows performing actions with administrative privileges via the www_csc interface for versions up to CE mr3.8.13 (3.6.4). Documented impacts include cross-site requests made by authenticated users to admin endpoints; exploit information exists (CS...
CVE-2021-31583
Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in...
CVE-2021-31583
Affected software: Sipwise C5 NGCP WWW Admin (NGCP CE 3.0 era; also NGCP www_admin 3.6.7). Description and connected sources document multiple authenticated stored and reflected XSS vulnerabilities arising when input to several scripts/parameters is not properly sanitized. Confirmed vulnerable lo...