Yealink SIP-T21P E2 Local Directory cross site scripting_CVE-2025-14228

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.

Basic Information

ID CVE-2025-14228

Source VulDB

Published Dec 8, 2025 at 10:32

Affected Product

Vendor Yealink

Product SIP-T21P E2

Version 52.84.0.15

Affected Versions Yealink SIP-T21P E2 52.84.0.15

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.",
    "published": "2025-12-08T10:32:06.266Z",
    "modified": "2025-12-08T10:32:06.266Z",
    "type": "cve",
    "title": "Yealink SIP-T21P E2 Local Directory cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.334670\nhttps://vuldb.com/?ctiid.334670\nhttps://vuldb.com/?submit.701949\nhttps://drive.google.com/file/d/1vptRtEeoS1AZgnqow1yPrsgsBkw4jXc2/view?usp=sharing",
    "id": "CVE-2025-14228",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "Yealink SIP-T21P E2 52.84.0.15",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SIP-T21P E2",
    "version": "52.84.0.15",
    "vendor": "Yealink",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}