CVE-2008-4876

Name of the Vulnerable Software and Affected Versions Philips Electronics VOIP841 DECT Phone versions 1.0.4.50 through 1.0.4.80

Description A cross-site scripting (XSS) issue exists in the web server component, allowing remote attackers to inject arbitrary web script or HTML via the request URL. This occurs because the web server does not properly handle the request URL in a 404 web error page.

Recommendations For versions 1.0.4.50 through 1.0.4.80, as a temporary workaround, consider restricting access to the web server component until a patch is available. Avoid using the web server component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.