CVE-2012-1417

Name of the Vulnerable Software and Affected Versions Yealink VOIP Phones (affected versions not specified)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Local Phone book and Blacklist form of Yealink VOIP Phones. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the user field to the "cgi-bin/ConfigManApp.com" API endpoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.