| |
Vulnerability CVE-2024-28722
Published: 2024-04-22
Description: |
Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint |
References: |
http://innovaphone.com
http://mypbx.com
https://wiki.innovaphone.com/index.php?title=Reference14r1:Release_Notes_Firmware#159317_-_Advanced_UI:_Prevent_XSL_injection
|
|
|
Copyright 2024, cxsecurity.com
|
|
|