CVE-2019-7004

A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
avayaCNA
6.4 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
avayaip_office_application_server
11.0 ≤
𝑥
≤ 11.0.4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/156476/Avaya-IP-Office-Application-Server-11.0.0.0-Cross-Site-Scripting.html
https://support.avaya.com/css/P8/documents/101062833
http://packetstormsecurity.com/files/156476/Avaya-IP-Office-Application-Server-11.0.0.0-Cross-Site-Scripting.html
https://support.avaya.com/css/P8/documents/101062833