[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-2545Date: (C)2012-06-13   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
http://tools.cisco.com/security/center/viewAlert.x?alertId=26037

CPE    25
cpe:/o:cisco:spa3102_voice_gateway_with_router_firmware:5.1.7
cpe:/h:cisco:spa_504g_4-line_ip_phone
cpe:/h:cisco:spa_509g_12-line_ip_phone
cpe:/o:cisco:spa8000_8-port_ip_telephony_gateway_firmware:5.1.12
...
CWE    1
CWE-79

© SecPod Technologies