CVE-2024-28722
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
22/04/2024
Last modified:
03/07/2024
Description
Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint
Impact
Base Score 3.x
6.30
Severity 3.x
MEDIUM