1 results (0.015 seconds)
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2014-3428 – Yealink VoIP Phones XSS / CRLF Injection
https://notcve.org/view.php?id=CVE-2014-3428
13 Jun 2014 — Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet. Vulnerabilidad de XSS en Yealink VoIP Phones con firmware 28.72.0.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro model en servlet. Yealink VoIP Phones suffer from CRLF injection and cross site scripting vulnerabilities. This affects firmware version 28.72.0.2 and ... • https://packetstorm.news/files/id/127081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •