CNNVD-202602-904 Information
CNNVD ID
CNNVD-202602-904
Related CVE
- CNNVD Published: 2026-02-06
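Description (translated from Chinese)
Asterisk is an open-source PBX software system from Asterisk that runs on Linux and supports IP calls over the SIP, IAX, and H323 protocols. Asterisk versions before 20.7-cert9, before 20.18.2, before 21.12.1, before 22.8.2, and before 23.2.2 contain a cross-site scripting vulnerability. The vulnerability stems from improper handling of Cookie and GET variable query parameters and may lead to cross-site scripting attacks.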
Description (English)
Asterisk is open source PBX software that runs on Linux and supports IP calls using the SIP, IAX and H323 protocols. Asterisk before 20.7-cert9, before 20.18.2, before 21.12.1, before 22.8.2 and before 23.2.2 has a cross-site scripting vulnerability, which stems from mishandling of the parameters of Cookie and GET variables and could lead to cross-site scripting attacks.
Hazard Level
High
Vulnerability Type
Cross-site scripting
Affected Vendor
Asterisk
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh
https://access.redhat.com/security/cve/cve-2026-23738
Patch
https://github.com/asterisk/asterisk/releases