Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message.
Max CVSS
4.3
EPSS Score
0.21%
Published
2007-10-12
Updated
2017-07-29
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
Max CVSS
7.8
EPSS Score
16.03%
Published
2007-04-25
Updated
2017-10-11
2 vulnerabilities found