Cross-Site Scripting in Intelbras VoIP Devices
CVE-2020-12262
5.4MEDIUM
Summary
Intelbras VoIP devices, specifically the TIP200, TIP200LITE, and TIP300 models, are susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw allows an attacker to inject malicious scripts through the vulnerable CGI endpoint /cgi-bin/cgiServer.exx?page=, potentially enabling unauthorized access or manipulation of user data. Users of these devices are strongly advised to implement security measures to minimize the risk of exploitation and ensure the integrity of their communications.
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved