Primary

Context

Zenitel TCIV-3+ Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in Zenitel TCIV-3+ intercom devices, all versions prior to 9.3.3.0. This vulnerability allows remote attackers to execute arbitrary JavaScript in the context of the victim's browser.

Impact

Exploitation of this vulnerability could lead to reflected cross-site scripting, allowing for the execution of malicious scripts in the user's browser.

Remediation

Users are advised to upgrade to Zenitel TCIV-3+ Version 9.3.3.0 or later.

Added: Nov 26, 2025, 6:17 PM

Updated: Nov 26, 2025, 6:17 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.4

exploitability

6.4

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.4

exploitability

6.4

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Zenitel TCIV-3+ Reflected Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating