CVE-2012-4259

Name of the Vulnerable Software and Affected Versions C4B XPhone Unified Communications (UC) 2011 Web version 4.1.890S R1

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the company name in the contacts. This could potentially lead to unauthorized actions on the web application.

Recommendations For version 4.1.890S R1, as a temporary workaround, consider restricting input for the company name field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.