This page lists publicly disclosed CVE vulnerabilities affecting zenitel ip-stationweb_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-19927 | Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases. | [email protected] | 4.8 | 0.15% | 2018-12-06 | 2024-11-21 |
| CVE-2018-19926 | Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO. | [email protected] | 6.1 | 0.16% | 2018-12-06 | 2024-11-21 |