Vulnerabilities > Zenitel > IP Stationweb Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-06 | CVE-2018-19927 | Cross-site Scripting vulnerability in Zenitel Ip-Stationweb Firmware Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. | 3.5 |
| 2018-12-06 | CVE-2018-19926 | Cross-site Scripting vulnerability in Zenitel Ip-Stationweb Firmware Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO. | 4.3 |