VoIPmonitor: cross-site scripting via SIP messages
Published on Mar 15, 2021 in CVE-2021-1000004, voipmonitor, cross-site scripting, security advisory
- Fixed versions: VoIPmonitor WEB GUI 24.56
- Enable Security Advisory: https://www.enablesecurity.com/advisories/ES2021-02-voipmonitor-gui-xss/
- VoIPmonitor Security Advisory: none, changelog references fixes at https://www.voipmonitor.org/changelog-gui?major=5
- Tested vulnerable versions: 24.53, 24.54, 24.55
- References: CVE-2021-1000004
- Timeline:
  - Report date: 2021-02-10
  - Triaged: 2021-02-12
  - First fixes available: 2021-02-15
  - Fixes to actually address XSS: 2021-02-22
  - VoIPmonitor release with fix: 2021-02-22
  - Enable Security advisory: 2021-03-15
Description
Multiple Cross-Site Scripting vulnerabilities were observed in the VoIPmonitor WEB GUI. These vulnerabilities can be exploited by sending SIP messages towards hosts monitored by VoIPmonitor. During our tests, the following areas were affected:
…