Cross-Site Scripting Vulnerabilities in Sipwise C5 NGCP WWW Admin
CVE-2021-31583

5.4MEDIUM

Key Information:

Vendor

Sipwise

Status
Next Generation Communication Platform
Vendor
CVE Published:
23 April 2021

What is CVE-2021-31583?

The Sipwise C5 NGCP WWW Admin application, specifically versions up to 3.6.7 and platform version NGCP CE 3.0, is susceptible to multiple cross-site scripting (XSS) vulnerabilities. These occur when user input is not adequately sanitized, allowing malicious scripts to be executed in the context of a user’s session. Notable instances include stored XSS vulnerabilities in the call forward setup and address book save functionalities, as well as reflected XSS in the address book filtering and statistics version retrieval. Proper input validation and sanitization measures are essential to mitigate these vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.zeroscience.mk/en/vulnerabilities
x_refsource_MISC
https://www.sipwise.com
x_refsource_MISC
http://packetstormsecurity.com/files/162316/Sipwise-C5-NG...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.