CVE-2008-1250 : Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containing an XSS sequence.

Published 2008-03-10 17:44:00

Updated 2018-10-11 20:31:19

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)Cross-site request forgery (CSRF)

Products affected by CVE-2008-1250

Snom » 320 Sip Phone
cpe:2.3:h:snom:320_sip_phone:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-1250

EPSS FAQ

0.31%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 51 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-1250

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-1250

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-1250

Jump to

Vulnerability Details : CVE-2008-1250

Products affected by CVE-2008-1250

Exploit prediction scoring system (EPSS) score for CVE-2008-1250

CVSS scores for CVE-2008-1250

CWE ids for CVE-2008-1250

References for CVE-2008-1250