Cross-Site Scripting Flaw in Avaya Communications Manager Products
CVE-2007-1367

Currently unrated

Key Information:

Vendor: Avaya
Status: S8710; S8300; S8500; S8700
Vendor: CVE Published:; 9 March 2007

Summary

The Avaya Communications Manager products, including the S87XX, S8500, and S8300 models, are susceptible to a cross-site scripting vulnerability on their login page. This flaw enables remote attackers to input arbitrary web scripts or HTML code through the Login field, potentially leading to unauthorized access and manipulation of user sessions. Users and administrators must apply the necessary updates to mitigate this risk and safeguard sensitive information.

References

http://www.securityfocus.com/bid/22866

vdb-entryx_refsource_BID

http://support.avaya.com/elmodocs2/security/ASA-2007-064.htm

x_refsource_CONFIRM

http://www.osvdb.org/33297

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Mar 9, 2007
Vulnerability Reserved
Mar 9, 2007