Vulnerability Details CVE-2019-7004
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.3%
CVSS Severity
CVSS v3 Score 6.4
CVSS v2 Score 3.5
References
- http://packetstormsecurity.com/files/156476/Avaya-IP-Office-Application-Server-11.0.0.0-Cross-Site-Scripting.html
- https://support.avaya.com/css/P8/documents/101062833
- http://packetstormsecurity.com/files/156476/Avaya-IP-Office-Application-Server-11.0.0.0-Cross-Site-Scripting.html
- https://support.avaya.com/css/P8/documents/101062833
Products affected by CVE-2019-7004
-
cpe:2.3:a:avaya:ip_office_application_server:11.0
-
cpe:2.3:a:avaya:ip_office_application_server:11.0.4.0