CNNVD-202601-4922 Information

CNNVD ID

CNNVD-202601-4922

Related CVE

CVE-2020-37018

• CNNVD Published: 2026-01-29

Description (Chinese)

GOautodial是GOautodial开源的下一代全渠道联络中心套件。 GOautodial 4.0版本存在跨站脚本漏洞，该漏洞源于经过身份验证的代理可通过消息主题注入恶意脚本，可能导致持久型跨站脚本攻击。

Description (English)

GOautodial is the next generation full-channel focal point package for GOautodial open source. The GOautodial 4.0 version has a cross-site script loophole, which stems from the fact that an identified agent can inject a malicious script through the subject of the message, which could lead to a permanent cross-site attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

GOautodial

Published

2026-01-29

Last Modified

2026-02-24

References

https://goautodial.org/ https://www.exploit-db.com/exploits/48690 https://www.vulncheck.com/advisories/goautodial-persistent-cross-site-scripting