Description
A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Attack Vector
- network
- Complexity
- low
- Privileges
- none
- User Action
- required
- Scope
- changed
- Confidentiality
- low
- Integrity
- low
- Availability
- none
- Weaknesses
- CWE-79CWE-79
Metadata
- Primary Vendor
- AVAYA
- Published
- 7/31/2019
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
avaya : aura_conferencingavaya : aura_conferencingavaya : aura_conferencingavaya : aura_conferencingavaya : aura_conferencingavaya : aura_conferencingavaya : aura_conferencingavaya : aura_conferencingavaya : aura_conferencingavaya : aura_conferencingavaya : aura_conferencing
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.