CVE-2019-19865

Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
atosunify_openscape_uc_web_client
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://networks.unify.com/security/advisories/OBSO-2002-01.pdf
https://unify.com/en/support/security-advisories
https://networks.unify.com/security/advisories/OBSO-2002-01.pdf
https://unify.com/en/support/security-advisories