Show plain JSON{"id": "CVE-2012-1417", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-09-17T14:55:02.963", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0056.html", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.org/files/110320/yealink-xss.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/48194", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/18540", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/79675", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/52209", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73573", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0056.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.org/files/110320/yealink-xss.txt", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/48194", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/18540", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/79675", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/52209", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73573", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Local Phone book y Blacklist en Yealink VOIP Phones permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del campo 'user' hacia cgi-bin/ConfigManApp.com."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:yealink:gigabit_color_ip_phone_sip-t32g:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8274CC4-391F-49B2-BA1C-82F54DE4A5D9"}, {"criteria": "cpe:2.3:h:yealink:gigabit_color_ip_phone_sip-t38g:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6ED3BACB-4AE6-4D53-B058-6FF1C7634F1D"}, {"criteria": "cpe:2.3:h:yealink:ip_phone_sip-t19p:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BF3E795-BF27-48D9-8737-CDA86FB580B1"}, {"criteria": "cpe:2.3:h:yealink:ip_phone_sip-t20p:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C593189-C2E8-44FD-9EE2-5E3DECF0A763"}, {"criteria": "cpe:2.3:h:yealink:ip_phone_sip-t21p:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C09377BF-BB8F-44CD-BD47-3B381DC5CF5F"}, {"criteria": "cpe:2.3:h:yealink:ip_phone_sip-t22p:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51EE4155-F0DE-4DB2-8E9F-ED316D241176"}, {"criteria": "cpe:2.3:h:yealink:ip_phone_sip-t26p:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C67D703-166F-4D26-9FF2-02133926B65F"}, {"criteria": "cpe:2.3:h:yealink:ip_phone_sip-t28p:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EA7DD45-BF4E-4F8B-858F-4AA16934F4B9"}, {"criteria": "cpe:2.3:h:yealink:ip_video_phone_vp530:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16B6BDE8-846A-41D9-9F3F-E30635D41B6F"}, {"criteria": "cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t41p:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B78A770C-A9FC-4900-AA3C-72F41745CE2A"}, {"criteria": "cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t42g:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6FF97DC-B477-4A58-8D23-59DD9D64C9B3"}, {"criteria": "cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t46g:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79D78818-02DE-4BF6-8AE3-490005329407"}, {"criteria": "cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t48g:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76ED7CFC-CFE7-41DB-B716-2F1F88478EFF"}, {"criteria": "cpe:2.3:h:yealink:w52p:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "613FA44A-0147-4AB5-83E8-9CDB906CCED2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}