Expressa is the Java-based Voice-over-IP phone developed and distributed by Pingtel. It has been discovered that the configuration web server included with Expressa phones does not sufficiently sanitize HTML in some fields (such as the MESSAGE parameter of the SIP dialing facility). This problem could result in a malicious URL being sent to a user of the phone who has authenticated to the web interface.