Plantronics + Polycom. Now together as Poly Logo

Cross-site scripting found on VVX 400 phones

Occasional Visitor

Cross-site scripting found on VVX 400 phones

We have our Kenna server performing scans every week and it found cross-site scripting on our VVX 400 phones.  We have in the meantime performed firmware upgrade to 5.9.5 but the issue persists.


We also had the VVX 201 phones with the same issue, but after performing the firmware upgrade to 6.11, the issue disappeared.


Is there a timeframe when a new firmware for the VVX 400 is available to conteract this issue?


Thank you,

Vincent Farrugia

Message 1 of 2
Polycom Employee & Community Manager

Re: Cross-site scripting found on VVX 400 phones

Hello @vifarrugia ,


Welcome to the Poly Community.


I have made our security department aware of this post but in order to properly troubleshoot and track this, it would need to come into support.

In order to raise a support ticket, you need to work with your Poly reseller as they may need to do this for you.

End Customers are usually unable to open a ticket directly with Poly support.

If this is some sort of an Internet discounter providing your MAC address or your Poly devices serial will enable us to look up who would be able to support you. This may not be who you purchased the Poly device from.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 2 of 2