HTML Injection Vulnerability in Avaya Spaces by Avaya
CVE-2024-12756

7.3HIGH

Key Information:

Vendor: Avaya
Status: Avaya Spaces
Vendor: CVE Published:; 11 February 2025

Summary

An HTML Injection vulnerability in Avaya Spaces could potentially allow attackers to disclose sensitive information or manipulate the page content that users see. This flaw poses a significant risk as it may enable unauthorized access to user data and compromise the integrity of the platform.

Affected Version(s)

Avaya Spaces 0

References

https://support.avaya.com/css/public/documents/101091836

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Dec 18, 2024

Credit

Waleed Elnawawy from Dubai Islamic Bank

Mostafa Noureldin from Liquid C2 Egypt