CVE-2021-25656

EUVD-2021-12548
Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
avayaCNA
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
avayaaura_experience_portal
7.0 ≤
𝑥
≤ 7.2.3
avayaaura_experience_portal
8.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://downloads.avaya.com/css/P8/documents/101076234
https://downloads.avaya.com/css/P8/documents/101076234