Posted by Sandro Gauci on Mar 16

# VoIPmonitor WEB GUI vulnerable to Cross-Site Scripting via SIP messages

– Fixed versions: VoIPmonitor WEB GUI 24.56
– Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-02-voipmonitor-gui-xss
– VoIPmonitor Security Advisory: none, changelog references fixes at https://www.voipmonitor.org/changelog-gui?major=5
– Tested vulnerable versions: 24.53, 24.54, 24.55
– Timeline:
– Report date: 2021-02-10…
Read More – Full Disclosure


By |2021-03-16T13:19:12-04:00March 16th, 2021|