漏洞描述
Cisco IP Phone是美国思科(Cisco)公司的一个硬件设备。提供通话功能的IP电话。 Cisco IP Phone存在跨站脚本漏洞,该漏洞源于受影响设备的WebUI未正确验证用户提供的输入。经过身份验证的远程攻击者对用户发起存储型跨站脚本(XSS)攻击。
Cisco IP Phone 跨站脚本漏洞
PoC代码
暂无相关漏洞推荐
- 金和OA /c6/Jhsoft.Web.addmenu/AccountSecuityForPhone.aspx/ SQL 注入漏洞
- ZYCOO CooVox Series IP Phone System /login 默认口令漏洞
- 明源地产ERP系统 /Hkbgl/PhoneWorkflow/Business/PhoneHandler.ashx SQL 注入漏洞
- Cisco Secure Firewall Management Center和Cisco Secure Firewall Threat Defense 操作系统命令注入漏洞
- POC CVE-2001-0537: Cisco IOS HTTP Configuration - Authentication Bypass
- POC CVE-2009-1558: Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion
- POC CVE-2011-3315: Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal
- POC CVE-2013-5528: Cisco Unified Communications Manager 7/8/9 - Directory Traversal
- POC CVE-2018-0127: Cisco RV132W/RV134W Router - Information Disclosure
- POC CVE-2018-0296: Cisco ASA - Local File Inclusion
- POC CVE-2019-1653: Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure
- POC CVE-2019-1821: Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution
- POC CVE-2019-1898: Cisco RV110W RV130W RV215W Router - Information leakage