Description
The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Wed, 08 Jul 2026 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage. | |
| Title | Poly Voice – Potential Unauthorized Modification of WebUI using XSS Attack | |
| First Time appeared |
Hp Inc.
Hp Inc. poly Ccx Hp Inc. poly Edge E Hp Inc. poly Trio C60 |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:h:hp_inc.:poly_ccx:*:*:*:*:*:*:*:* cpe:2.3:h:hp_inc.:poly_edge_e:*:*:*:*:*:*:*:* cpe:2.3:h:hp_inc.:poly_trio_c60:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Hp Inc.
Hp Inc. poly Ccx Hp Inc. poly Edge E Hp Inc. poly Trio C60 |
|
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: hp
Published:
Updated: 2026-07-08T21:39:06.676Z
Reserved: 2026-04-08T21:33:29.346Z
Link: CVE-2026-5922
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses