Loading
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.
Use CWE-79, Yealink vendor hub and Gigabit Color Ip Phone Sip-T32g product page to widen CVE-2012-1417 into its surrounding weakness, vendor, and product context.