CVE-2019-7004

Avaya IP Office XSS Vulnerability

CVSS 6.4 MEDIUMEPSS 2.2%CWE-79

A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

Affected products

Avaya · IP Office Application Server

public PoCs found — 2

cve_referencepacketstormsecurity.com/files/156476/Avaya-IP-Office-Application-Server-11.0.0.0-Cross-Site-Scripting.htmlunverified exploitdbwww.exploit-db.com/exploits/48105unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/156476/Avaya-IP-Office-Application-Server-11.0.0.0-Cross-Site-Scripting.html https://support.avaya.com/css/P8/documents/101062833