CVE-2019-9230

Name of the Vulnerable Software and Affected Versions AudioCodes Mediant devices versions F7.20A through F7.20A.253

Description A cross-site scripting issue exists in the search function of the management web interface, allowing remote attackers to inject arbitrary web script or HTML via the keyword parameter.

Recommendations For AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR, and 800C-MSBR devices with firmware versions F7.20A through F7.20A.253, consider restricting access to the management web interface until a fix is available. As a temporary workaround, avoid using the keyword parameter in the search function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.