Cross-Site Scripting Vulnerability in Lifesize Express Devices
CVE-2018-17981

6.1MEDIUM

Key Information:

Vendor: Lifesize
Status: Express 220 Firmware
Vendor: CVE Published:; 22 January 2020

What is CVE-2018-17981?

This vulnerability in Lifesize Express devices, specifically in versions ls ex2_4.7.10 and 2000 (14), stems from improper validation of user inputs in the interface.php file. The flaw allows attackers to inject malicious scripts through the 'brand' parameter, potentially compromising user data and leading to unauthorized access. Users and administrators should apply necessary security measures to mitigate risks associated with this vulnerability.

References

https://sku11army.blogspot.com/2020/01/lifesize-devices-a...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 22, 2020
Vulnerability Reserved
Oct 4, 2018

CVE-2018-17981 Data

JSON