Stored XSS Vulnerability in Polycom QDX 6000 Devices
CVE-2018-7564

6.1MEDIUM

Key Information:

Vendor: Polycom
Status: Qdx 6000 Firmware
Vendor: CVE Published:; 7 March 2018

What is CVE-2018-7564?

A stored XSS vulnerability has been identified in Polycom QDX 6000 devices, which can allow an attacker to inject malicious scripts. This occurs when user input is stored and later displayed without adequate validation. If exploited, this vulnerability can lead to unauthorized actions, session theft, or exposure of sensitive information. Users of the affected devices are advised to apply necessary security patches to mitigate the risk.

References

https://support.polycom.com/content/dam/polycom-support/g...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2018
Vulnerability Reserved
Feb 28, 2018