Avm · Fritz!Os · CVE-2015-7242
**Name of the Vulnerable Software and Affected Versions**
AVM FRITZ!OS versions prior to 6.30
**Description**
A cross-site scripting (XSS) issue exists in the Push-Service-Mails feature, allowing remote attackers to inject arbitrary web script or HTML via the display name in the FROM field of an SIP INVITE message.
**Recommendations**
For versions prior to 6.30, update to version 6.30 or later to resolve the issue.