CVE-2018-15614

Name of the Vulnerable Software and Affected Versions IP Office versions 10.0 through 10.1 SP3 IP Office versions 11.0 prior to 11.0 SP1

Description A stored cross site scripting issue in the one-x Portal component of IP Office could allow an authenticated user to perform attacks via fields in the Conference Scheduler Service, potentially affecting other application users.

Recommendations For IP Office versions 10.0 through 10.1 SP3, update to a version after 10.1 SP3 to resolve the issue. For IP Office versions 11.0 prior to 11.0 SP1, update to 11.0 SP1 or later to resolve the issue.