Unauthenticated Stored Cross-Site Scripting (XSS) Vulnerability in Atos Unify OpenScape Voice Trace Manager
CVE-2023-40262

6.1MEDIUM

Key Information:

Vendor: Atos
Status: Openscape Voice Trace Manager V8
Vendor: CVE Published:; 8 February 2024

What is CVE-2023-40262?

An identified issue in Atos Unify OpenScape Voice Trace Manager prior to version V8 R0.9.11 allows for unauthenticated Stored Cross-Site Scripting (XSS) through the administration component via Access Request. This vulnerability could let an attacker execute malicious scripts, which may impact the security of the users and the integrity of the application. Immediate action is recommended to mitigate potential risks associated with this loophole.

References

https://networks.unify.com/security/advisories/OBSO-2305-...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 8, 2024
Vulnerability Reserved
Aug 11, 2023