Vulnerability Information
Vulnerability Title
Grandstream GXP1625 Network Status api.values.post cross site scripting
Vulnerability Description
A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpn_ip results in basic cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Vulnerability Title
Grandstream GXP1625 Security Vulnerability
Vulnerability Description
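Grandstream GXP1625 is an enterprise IP phone from Grandstream, a US company. Grandstream GXP1625 version 1.0.7.4 contains a security vulnerability that stems from improper handling of the vpn_ip parameter by the file /cgi-bin/api.values.post in the Network Status Page component, which may lead to a basic cross-site scripting attack.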
CVSS Information
N/A
Vulnerability Type
N/A