HTML Injection Vulnerability in Avaya Spaces by Avaya
CVE-2024-12756

7.3HIGH

Key Information:

Vendor: Avaya
Status: Avaya Spaces
Vendor: CVE Published:; 11 February 2025

What is CVE-2024-12756?

An HTML Injection vulnerability in Avaya Spaces could potentially allow attackers to disclose sensitive information or manipulate the page content that users see. This flaw poses a significant risk as it may enable unauthorized access to user data and compromise the integrity of the platform.

Affected Version(s)

Avaya Spaces 0

References

https://support.avaya.com/css/public/documents/101091836

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Dec 18, 2024

Credit

Waleed Elnawawy from Dubai Islamic Bank

Mostafa Noureldin from Liquid C2 Egypt

JSON