The SIP communications protocol can be abused to perform cross-site scripting (XSS) attacks. SIP technology used to manage communication across services including VoIP, audio, and instant messaging, can be used as a conduit to perform app-based assaults on software.
This includes XSS attacks, in which users browser sessions may be compromised, same-origin policies circumvented, and user impersonation may take place for purposes including theft, phishing, or the deployment of malware.
XSS entry point
An open source network packet sniffer used by system administrators to analyses the quality of VoIP calls based on various network Vulnerability found during an audit in the software interface to that monitors device request managed via User Agent header value
This value is rendered in the DOM of the user’s web browser. In the hands of miscreants, this may lead to the execution of malicious code relying on some canary token or callback.
Temporary code execution
It is recommended that VoIPmonitor users update to the latest version available, v.24.71.