Cross-Site Scripting Vulnerability in Linksys VoIP Phone
CVE-2007-5411

Currently unrated

Key Information:

Vendor: Linksys
Status: Spa941
Vendor: CVE Published:; 12 October 2007

Summary

The Linksys SPA941 VoIP Phone with firmware version 5.1.8 is vulnerable to a Cross-Site Scripting (XSS) attack. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML, specifically through the From header in a SIP message. If successfully executed, this could enable unauthorized actions to be taken on behalf of legitimate users, potentially leading to further exploitation within the affected network.

References

http://secunia.com/advisories/27116

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/25987

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/37022

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 12, 2007
Vulnerability Reserved
Oct 12, 2007