CVE-2019-7000

CWE-79 — Cross-site Scripting (XSS)CWE-3475 documents5 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 42.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Avaya Avaya Aura Conferencing Avaya Aura Conferencing

Timeline

PublishedJul 31

Latest updateMay 24

Description

A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5avaya/avaya_aura_conferencing8.x — 8.0.14

▶NVDavaya/aura_conferencing8.0+1

🔴Vulnerability Details

GHSA

GHSA-cjw9-j68c-hvw7: A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive inform↗2022-05-24

▶

CVEList

Avaya Aura Conferencing XSS↗2019-07-31

▶

📋Vendor Advisories

Cisco

Cisco MDS 9700 Series Multilayer Directors and Nexus 7000/7700 Series Switches Software Patch Signature Verification Vulnerability↗2019-05-15

▶