HTML Injection Vulnerability in Avaya Spaces by Avaya
CVE-2024-12756

6.1MEDIUM

Key Information:

Vendor: Avaya
Status: Avaya Spaces
Vendor: CVE Published:; 11 February 2025

What is CVE-2024-12756?

An HTML Injection vulnerability in Avaya Spaces could potentially allow attackers to disclose sensitive information or manipulate the page content that users see. This flaw poses a significant risk as it may enable unauthorized access to user data and compromise the integrity of the platform.

Affected Version(s)

Avaya Spaces 0

References

https://support.avaya.com/css/public/documents/101091836

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Dec 18, 2024

Credit

Waleed Elnawawy from Dubai Islamic Bank

Mostafa Noureldin from Liquid C2 Egypt