Unauthenticated Stored Cross-Site Scripting (XSS) Vulnerability in Atos Unify OpenScape Voice Trace Manager
CVE-2023-40262

6.1MEDIUM

Key Information:

Vendor

Atos

Status
Openscape Voice Trace Manager V8
Vendor
CVE Published:
8 February 2024

What is CVE-2023-40262?

An identified issue in Atos Unify OpenScape Voice Trace Manager prior to version V8 R0.9.11 allows for unauthenticated Stored Cross-Site Scripting (XSS) through the administration component via Access Request. This vulnerability could let an attacker execute malicious scripts, which may impact the security of the users and the integrity of the application. Immediate action is recommended to mitigate potential risks associated with this loophole.

References

https://networks.unify.com/security/advisories/OBSO-2305-...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.