CVE-2024-28722

{"id": "CVE-2024-28722", "metrics": {}, "published": "2024-04-22T01:15:47.257", "references": [{"url": "http://innovaphone.com", "source": "cve@mitre.org"}, {"url": "http://mypbx.com", "source": "cve@mitre.org"}, {"url": "https://wiki.innovaphone.com/index.php?title=Reference14r1:Release_Notes_Firmware#159317_-_Advanced_UI:_Prevent_XSL_injection", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint"}, {"lang": "es", "value": "Vulnerabilidad de Cross Site Scripting en Innovaphone myPBX v.14r1, v.13r3, v.12r2 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de consulta en el endpoint /CMD0/xml_modes.xml"}], "lastModified": "2024-04-22T13:28:43.747", "sourceIdentifier": "cve@mitre.org"}