CVE-2024-36697 Information
Jul 12, 2025
cve
Description
A cross-site scripting (XSS) vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp.
Reference
http://allworx.com https://gist.github.com/roidrage52/d3e419550b91ff041abd55f698fb1e16
Related CNNVD
CNNVD-202507-1490 (Published: 2025-07-10)
Share on: