Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint
[
{
"cpes": [
"cpe:2.3:a:innovaphone:innovaphone_pbx:v.12r2:*:*:*:*:*:*:*"
],
"vendor": "innovaphone",
"product": "innovaphone_pbx",
"versions": [
{
"status": "affected",
"version": "v.12r2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:innovaphone:innovaphone_pbx:v.14.r1:*:*:*:*:*:*:*"
],
"vendor": "innovaphone",
"product": "innovaphone_pbx",
"versions": [
{
"status": "affected",
"version": "v.14.r1"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:innovaphone:innovaphone_pbx:v.13r3:*:*:*:*:*:*:*"
],
"vendor": "innovaphone",
"product": "innovaphone_pbx",
"versions": [
{
"status": "affected",
"version": "v.13r3"
}
],
"defaultStatus": "unknown"
}
]