PT-2020-10271 · Atos · Atos Unify Openscape Uc Application

Published: 2020-02-21 · Updated: 2020-02-28 · CVE-2019-19865

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Atos Unify OpenScape UC Application V9 before version V9 R4.31.0; Atos Unify OpenScape UC Application V10 before version V10 R0.6.0

Description: The issue allows for cross-site scripting (XSS): an attacker could inject arbitrary JavaScript code into the Profile Name field. Because the payload is stored, it would be executed by the browser of a user who later views the affected profile, potentially leading to unauthorized actions. An attacker would need to convince an authenticated user to perform the injection.

Recommendations: For Atos Unify OpenScape UC Application V9 before version V9 R4.31.0, update to version V9 R4.31.0 or later to resolve the issue. For Atos Unify OpenScape UC Application V10 before version V10 R0.6.0, update to version V10 R0.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Profile Name field to minimize the risk of exploitation.
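The advisory describes a stored XSS through a free-text field. The following is an added illustration, not code from the advisory or from the OpenScape UC Application, of how such a defect typically arises and how it is closed: a user-controlled profile name is concatenated straight into markup (vulnerable), versus encoded for the HTML context it lands in (hardened), with an optional save-time allowlist as defence in depth. The function names, the profile object shape and the sample value are assumptions constructed for the example.

```javascript
// Added example (not part of the advisory or of the vendor's code): contrast an
// unsafe rendering of a user-controlled "Profile Name" with the encoded version.
// renderProfileUnsafe/renderProfileSafe/isValidProfileName are hypothetical names.

// The five characters that must be encoded when a string is placed into HTML
// text or into a quoted attribute value.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Encode an untrusted value for an HTML text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// VULNERABLE: the stored profile name is interpolated directly into markup, so
// any tag or event handler it contains becomes live in every viewer's browser.
function renderProfileUnsafe(profile) {
  return `<div class="profile"><span class="name">${profile.name}</span></div>`;
}

// HARDENED: the untrusted value is encoded for the context it is inserted into.
function renderProfileSafe(profile) {
  return `<div class="profile"><span class="name">${escapeHtml(profile.name)}</span></div>`;
}

// Defence in depth at save time: reject names that contain markup characters.
// The allowlist (letters, digits, spaces, a few punctuation marks, max 64) is a
// policy choice for this example, not the product's rule.
function isValidProfileName(name) {
  return typeof name === "string" &&
    name.length > 0 && name.length <= 64 &&
    /^[\p{L}\p{N} .,'_-]+$/u.test(name);
}

// Constructed sample: a profile name carrying a script tag, i.e. the kind of
// value that would be submitted through the Profile Name field.
const SAMPLE_PROFILE = { name: "Alice <script>alert(1)</script>" };

// Run both renderers over the sample and report what each produced.
function demo() {
  const unsafe = renderProfileUnsafe(SAMPLE_PROFILE);
  const safe = renderProfileSafe(SAMPLE_PROFILE);
  return {
    unsafeHasScriptTag: unsafe.includes("<script>"), // true: payload is live
    safeHasScriptTag: safe.includes("<script>"),     // false: rendered as text
    safeHtml: safe,
    accepted: isValidProfileName(SAMPLE_PROFILE.name), // false: markup rejected
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(demo());
}
```

Output encoding at render time is the actual fix; the allowlist only narrows what can be stored and must not be relied on alone, since profile names may reach other contexts (JSON, attributes, URLs) that need their own encoding.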

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2019-19865

Affected Products

Atos Unify Openscape Uc Application