Vulnerability Description
Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avaya | S8710 | cm_2.0 |
| Avaya | S8300 | cm_2.0 |
| Avaya | S8500 | cm_2.0 |
| Avaya | S8700 | cm_2.0 |
References
- http://secunia.com/advisories/24397
- http://support.avaya.com/elmodocs2/security/ASA-2007-064.htmPatchVendor Advisory
- http://www.osvdb.org/33297
- http://www.securityfocus.com/bid/22866
- http://secunia.com/advisories/24397
- http://support.avaya.com/elmodocs2/security/ASA-2007-064.htmPatchVendor Advisory
- http://www.osvdb.org/33297
- http://www.securityfocus.com/bid/22866
FAQ
What is CVE-2007-1367?
CVE-2007-1367 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or ...
How severe is CVE-2007-1367?
CVE-2007-1367 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1367?
Check the references section above for vendor advisories and patch information. Affected products include: Avaya S8710, Avaya S8300, Avaya S8500, Avaya S8700.