Cross-site scripting (XSS) vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6.30 allows remote attackers to inject arbitrary web script or HTML via the display name in the FROM field of an SIP INVITE message.Referenceshttp://packetstormsecurity.com/files/135168/AVM-FRITZ-OS-HTML-Injection.htmlhttp://ds-develop.de/advisories/advisory-2016-01-07-1-avm.txthttps://avm.de/service/sicherheitsinfos-zu-updates/http://www.securityfocus.com/archive/1/537249/100/0/threaded
