EIP-2026-102013

This is a technical writeup detailing XSS and data disclosure vulnerabilities in Snom IP Phone web interfaces. It explains how an attacker can inject JavaScript via the address book and disclose SIP credentials via a direct URL access.