PT-2019-18410 · Avaya · Ip Office Application Server

Daniel Bohan

Published

2019-12-11

Updated

2023-02-02

CVE-2019-7004

CVSS v3.1

6.4

Medium

Vector

AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions IP Office Application Server versions 11.x

Description A Cross-Site Scripting (XSS) issue in the WebUI component could allow unauthorized code execution and potentially disclose sensitive information.

Recommendations For versions 11.x, update to a version that includes the fix for this issue, as all versions within this range are affected.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-7004

Affected Products

Ip Office Application Server

PT-2019-18410 · Avaya · Ip Office Application Server

CVE-2019-7004

Weakness Enumeration

Related Identifiers

Affected Products

References · 5