Lucene search
MitreVULNRICHMENT:CVE-2024-28722HistoryApr 22, 2024 - 12:00 a.m.
CVE-2024-28722
2024-04-2200:00:00
mitre
github.com
2
cross site scripting
innovaphone mypbx
remote code execution
vulnerability
xml endpoint
Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:innovaphone:innovaphone_pbx:v.12r2:*:*:*:*:*:*:*"
],
"vendor": "innovaphone",
"product": "innovaphone_pbx",
"versions": [
{
"status": "affected",
"version": "v.12r2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:innovaphone:innovaphone_pbx:v.14.r1:*:*:*:*:*:*:*"
],
"vendor": "innovaphone",
"product": "innovaphone_pbx",
"versions": [
{
"status": "affected",
"version": "v.14.r1"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:innovaphone:innovaphone_pbx:v.13r3:*:*:*:*:*:*:*"
],
"vendor": "innovaphone",
"product": "innovaphone_pbx",
"versions": [
{
"status": "affected",
"version": "v.13r3"
}
],
"defaultStatus": "unknown"
}
]Related
cve
cve
CVE-2024-28722
2024-04-22 01:15:47
cvelist
cvelist
CVE-2024-28722
2024-04-22 00:00:00
nvd
nvd
CVE-2024-28722
2024-04-22 01:15:47
AI Score
7.3
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-28722