CVE-2021-31583

Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in callforward/time/set/save (POST tsetname); Reflected XSS in addressbook (GET filter); Stored XSS in addressbook/save (POST firstname, lastname, company); and Reflected XSS in statistics/versions (GET lang).
Configurations

Configuration 1 (hide)

cpe:2.3:a:sipwise:next_generation_communication_platform:3.6.7:*:*:*:ce:*:*:*

History

No history.

Information

Published : 2021-04-23 21:15

Updated : 2024-02-28 18:28


NVD link : CVE-2021-31583

Mitre link : CVE-2021-31583

CVE.ORG link : CVE-2021-31583


JSON object : View

Products Affected

sipwise

  • next_generation_communication_platform
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')