CVE-2021-31583

 

Published at: - 23-04-2021 11:15

Last modified: - 07-10-2022 04:57

Total changes: - 7

Description

Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in callforward/time/set/save (POST tsetname); Reflected XSS in addressbook (GET filter); Stored XSS in addressbook/save (POST firstname, lastname, company); and Reflected XSS in statistics/versions (GET lang).

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

 

Verification logic

 

Reference

• http://packetstormsecurity.com/files/162316/Sipwise-C5-NGCP-CSC-Cross-Site-Scripting.html
• https://www.zeroscience.mk/en/vulnerabilities
• https://www.sipwise.com
• https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5648.php
• http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/2021-September/014708.html

 

Keywords

NVD

 

CVE-2021-31583

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures