CVE-2019-7004

Published: Dec 12, 2019Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.

Affected (1)

Products: Avaya: Ip Office Application Server

1 product

Ip Office Application Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avaya Ip Office Application Server	From 11.0 to 11.0.4.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://packetstormsecurity.com/files/156476/Avaya-IP-Office-Application-Server-11.0.0.0-Cross-Site-Scripting.html

Source: securityalerts@avaya.com

ExploitThird Party AdvisoryVDB Entry

https://support.avaya.com/css/P8/documents/101062833

Source: securityalerts@avaya.com

Vendor Advisory

http://packetstormsecurity.com/files/156476/Avaya-IP-Office-Application-Server-11.0.0.0-Cross-Site-Scripting.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://support.avaya.com/css/P8/documents/101062833

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.