CVE-2024-28722 Information

Description

Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1 v.13r3 v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint

Reference

http://innovaphone.com http://mypbx.com https://wiki.innovaphone.com/index.php?title=Reference14r1:Release_Notes_Firmware#159317_-_Advanced_UI:_Prevent_XSL_injection