Published: 01/11/2008 Updated: 11/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote malicious users to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page.

Vulnerable Product	Search on Vulmon	Subscribe to Product
philips electronics voip841 dect phone 1.0.4.50
philips electronics voip841 dect phone 1.0.4.48

:[ Philips VOIP841 Multiple Vulnerabilities ]: Luca "ikki" Carettoni - lucacarettoni@ikkisoftcom Systems affected: Philips VOIP841, Firmware Version 10450 and 10480, Web Server Version 15 (simple httpd) Systems not affected: n/a (a) Hidden Administration Account (web management console) service:service (b) Directory Listing, Director ...

CWE-79 http://secunia.com/advisories/28978 http://www.securityfocus.com/bid/27790 http://securityreason.com/securityalert/4536 http://www.vupen.com/english/advisories/2008/0583 https://www.exploit-db.com/exploits/5113 http://www.securityfocus.com/archive/1/488127/100/200/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/5113/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-4876

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect