CVE-2021-25656

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.1%
top 64.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Avaya ProductAvaya Aura Experience Portal
Timeline
PublishedJun 24
Latest updateMay 24

Description

Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

NVDavaya/aura_experience_portal7.07.2.3+1
CVEListV5avaya/product7.2.37.0*+1

Patches

Patch: downloads.avaya.comPatch: downloads.avaya.com

🔴Vulnerability Details

2
GHSA
GHSA-7cpc-3c6p-38qh: Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to pot2022-05-24
CVEList
Avaya Aura Experience Portal XSS vulnerabilities2021-06-24
CVE-2021-25656 (MEDIUM CVSS 5.4) | Stored XSS injection vulnerabilitie | cvebase.io