Description
Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allows remote attackers to inject arbitrary web script or HTML via the company name. NOTE: some of these details are obtained from third party information.
Exploits (1)
References (7)
Core 7
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53283
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48979
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-04/0216.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75221
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/81559
Exploit x_refsource_misc
http://security.inshell.net/advisory/16
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18802
Scores
EPSS
0.0984
EPSS Percentile
93.0%
Details
CWE
CWE-79
Status
published
Products (1)
c4b/xphone_unified_communications_2011
4.1.890s r1
Published
Aug 13, 2012
Tracked Since
Feb 18, 2026