### [CVE-2015-7242](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7242)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Cross-site scripting (XSS) vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6.30 allows remote attackers to inject arbitrary web script or HTML via the display name in the FROM field of an SIP INVITE message.

### POC

#### Reference
- http://ds-develop.de/advisories/advisory-2016-01-07-1-avm.txt
- http://packetstormsecurity.com/files/135168/AVM-FRITZ-OS-HTML-Injection.html

#### Github
No PoCs found on GitHub currently.