CVE-2012-4259

C4B XPhone Unified Communications 2011 Web 4.1.890S R1 - Cross-Site Scripting via Company Name

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4259. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary: The document describes a persistent Cross-Site Scripting (XSS) vulnerability in C4B XPhone UC Web v4.1.890SR1, where an attacker can inject arbitrary script code via groupware applications like Microsoft Outlook or IBM Lotus Notes. The injected code executes when other users view the manipulated user's details on the web application.

Description

Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allows remote attackers to inject arbitrary web script or HTML via the company name. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP
by Vulnerability-Lab · text · webapps · asp
https://www.exploit-db.com/exploits/18802


Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: C4B XPhone UC Web v4.1.890SR1
Auth required
Prerequisites: Access to modify groupware details (e.g., Microsoft Outlook or IBM Lotus Notes)
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026

References (7)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53283
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48979
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-04/0216.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75221
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/81559
Exploit x_refsource_misc
http://security.inshell.net/advisory/16
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18802

Scores

EPSS 0.0190
EPSS Percentile 77.2%

Details

CWE
CWE-79
Status published
Products (1)
c4b/xphone_unified_communications_2011 4.1.890s r1
Published Aug 13, 2012
Tracked Since Feb 18, 2026