The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage.
Project Subscriptions
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 08 Jul 2026 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage. | |
| Title | Poly Voice – Potential Unauthorized Modification of WebUI using XSS Attack | |
| First Time appeared |
Hp Inc.
Hp Inc. poly Ccx Hp Inc. poly Edge E Hp Inc. poly Trio C60 |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:h:hp_inc.:poly_ccx:*:*:*:*:*:*:*:* cpe:2.3:h:hp_inc.:poly_edge_e:*:*:*:*:*:*:*:* cpe:2.3:h:hp_inc.:poly_trio_c60:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Hp Inc.
Hp Inc. poly Ccx Hp Inc. poly Edge E Hp Inc. poly Trio C60 |
|
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: hp
Published:
Updated: 2026-07-08T21:39:06.676Z
Reserved: 2026-04-08T21:33:29.346Z
Link: CVE-2026-5922
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses