CVE-2026-5922 in Poly CCXinfo

Summary

by MITRE • 07/09/2026

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/09/2026

This vulnerability represents a critical cross-site scripting flaw that can be exploited through improperly sanitized configuration parameters within IP phone systems. The technical implementation allows attackers to inject malicious code into web-based user interfaces by manipulating stored configuration values, creating a persistent threat vector that can affect multiple users simultaneously. The vulnerability stems from insufficient input validation and output encoding mechanisms within the web user interface components of these telephony devices.

The operational impact of this weakness extends beyond simple data theft or service disruption, as it enables attackers to execute arbitrary code within the context of the victim's browser session. This creates opportunities for session hijacking, credential theft, and privilege escalation attacks that can compromise entire communication infrastructures. The vulnerability is particularly dangerous in enterprise environments where IP phones serve as critical communication tools and may have elevated privileges within network segments.

Security professionals should recognize this as a variant of CWE-79 - Cross-Site Scripting, specifically manifesting as a stored XSS attack vector that persists through configuration parameters rather than direct user input. The ATT&CK framework categorizes this under T1566 - Phishing and T1071.1 - Application Layer Protocol: Web Protocols, as attackers can leverage these vulnerabilities to establish persistent access points within network environments. The risk is amplified when considering that IP phone systems often operate with minimal security controls and may be accessible from multiple network zones.

Mitigation strategies should focus on implementing strict input validation at configuration parameter entry points, enforcing proper output encoding for all web interface elements, and establishing robust sanitization routines for stored data. Network segmentation should isolate telephony infrastructure from general user networks, while regular security assessments should verify that configuration parameters are properly sanitized before being rendered in web interfaces. Additionally, deploying web application firewalls and implementing content security policies can provide additional layers of protection against exploitation attempts targeting this vulnerability class.

Responsible

Hp

Reservation

04/08/2026

Disclosure

07/09/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!