Vulnerabilities > Zenitel

DATE CVE VULNERABILITY TITLE RISK
2021-09-15 CVE-2021-40845 Unrestricted Upload of File with Dangerous Type vulnerability in Zenitel Alphacom XE Audio Server
The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php.
network
low complexity
zenitel CWE-434
6.5
2018-12-06 CVE-2018-19927 Cross-site Scripting vulnerability in Zenitel Ip-Stationweb Firmware
Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter.
network
zenitel CWE-79
3.5
2018-12-06 CVE-2018-19926 Cross-site Scripting vulnerability in Zenitel Ip-Stationweb Firmware
Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO.
network
zenitel CWE-79
4.3