http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/2021-September/014708.html

http://packetstormsecurity.com/files/162316/Sipwise-C5-NGCP-CSC-Cross-Site-Scripting.html

https://www.sipwise.com

https://www.zeroscience.mk/en/vulnerabilities

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5648.php

OR
     *cpe:2.3:a:sipwise:next_generation_communication_platform:*:*:*:*:*:*:*:* versions up to (including) ce_m39.3.1

OR
     *cpe:2.3:a:sipwise:next_generation_communication_platform:3.6.7:*:*:*:ce:*:*:*

http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/2021-September/014708.html No Types Assigned

http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/2021-September/014708.html Exploit, Mailing List, Third Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5648.php No Types Assigned

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5648.php Exploit, Third Party Advisory

Sipwise C5 NGCP CSC through CE_mr9.3.1 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in callforward/time/set/save (POST tsetname); Reflected XSS in addressbook (GET filter); Stored XSS in addressbook/save (POST firstname, lastname, company); and Reflected XSS in statistics/versions (GET lang).

Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in callforward/time/set/save (POST tsetname); Reflected XSS in addressbook (GET filter); Stored XSS in addressbook/save (POST firstname, lastname, company); and Reflected XSS in statistics/versions (GET lang).

http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/2021-September/014708.html [No Types Assigned]

Sipwise C5 NGCP CSC through CE_m39.3.1 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in callforward/time/set/save (POST tsetname); Reflected XSS in addressbook (GET filter); Stored XSS in addressbook/save (POST firstname, lastname, company); and Reflected XSS in statistics/versions (GET lang).

Sipwise C5 NGCP CSC through CE_mr9.3.1 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in callforward/time/set/save (POST tsetname); Reflected XSS in addressbook (GET filter); Stored XSS in addressbook/save (POST firstname, lastname, company); and Reflected XSS in statistics/versions (GET lang).

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5648.php [No Types Assigned]

NIST AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

NIST (AV:N/AC:M/Au:S/C:N/I:P/A:N)

NIST CWE-79

OR
     *cpe:2.3:a:sipwise:next_generation_communication_platform:*:*:*:*:*:*:*:* versions up to (including) ce_m39.3.1

http://packetstormsecurity.com/files/162316/Sipwise-C5-NGCP-CSC-Cross-Site-Scripting.html No Types Assigned

http://packetstormsecurity.com/files/162316/Sipwise-C5-NGCP-CSC-Cross-Site-Scripting.html Exploit, Third Party Advisory, VDB Entry

https://www.sipwise.com No Types Assigned

https://www.sipwise.com Product

https://www.zeroscience.mk/en/vulnerabilities No Types Assigned

https://www.zeroscience.mk/en/vulnerabilities Exploit, Third Party Advisory

Victim must voluntarily interact with attack mechanism