CVE-2012-4259
C4B XPhone Unified Communications 2011 Web 4.1.890S R1 - Cross-Site Scripting via Company Name
Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-4259. PoCs published by Vulnerability-Lab.
AI-analyzed exploit summary
The document describes a persistent Cross-Site Scripting (XSS) vulnerability in C4B XPhone UC Web v4.1.890SR1, where an attacker can inject arbitrary script code via groupware applications like Microsoft Outlook or IBM Lotus Notes. The injected code executes when other users view the manipulated user's details on the web application.
Description
Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allows remote attackers to inject arbitrary web script or HTML via the company name. NOTE: some of these details are obtained from third party information.