Plantronics + Polycom. Now together as Poly Logo

Cross-site scripting found on VVX 400 phones

Occasional Visitor

Cross-site scripting found on VVX 400 phones

We have our Kenna server performing scans every week and it found cross-site scripting on our VVX 400 phones.  We have in the meantime performed firmware upgrade to 5.9.5 but the issue persists.


We also had the VVX 201 phones with the same issue, but after performing the firmware upgrade to 6.11, the issue disappeared.


Is there a timeframe when a new firmware for the VVX 400 is available to conteract this issue?


Thank you,

Vincent Farrugia

Message 1 of 2
Polycom Employee & Community Manager

Re: Cross-site scripting found on VVX 400 phones

Hello @vifarrugia ,


Welcome to the Poly Community.


I have made our security department aware of this post but in order to properly troubleshoot and track this, it would need to come into support.

In order to raise a support ticket, you need to work with your Poly reseller as they may need to do this for you.

End Customers are usually unable to open a ticket directly with Poly support.

If this is some sort of an Internet discounter providing your MAC address or your Poly devices serial will enable us to look up who would be able to support you. This may not be who you purchased the Poly device from.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.


Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 2 of 2