CVE-2024-28722

Publication date

2024-04-22 00:00:00

Family

mitre

State

PUBLISHED

Description

Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint