CVE-2007-1367

2007-03-0922:19:00

[email protected]

web.nvd.nist.gov

avaya communications manager

xss

vulnerability

nvd

cve-2007-1367

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.8%

JSON

Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field.

Affected configurations

NVD

Node

avayas8710Matchcm_2.0

avayas8710Matchcm_3.1

avayas8710Matchr2.0.0

avayas8710Matchr2.0.1

AND

avayas8300Matchcm_2.0

avayas8300Matchcm_3.1

avayas8300Matchr2.0.0

avayas8300Matchr2.0.1

avayas8500Matchcm_2.0

avayas8500Matchcm_3.1

avayas8500Matchr2.0.0

avayas8500Matchr2.0.1

avayas8700Matchcm_2.0

avayas8700Matchcm_3.1

avayas8700Matchr2.0.0

avayas8700Matchr2.0.1

CPENameOperatorVersion
avaya:s8710avaya s8710eqcm_2.0
avaya:s8710avaya s8710eqcm_3.1
avaya:s8710avaya s8710eqr2.0.0
avaya:s8710avaya s8710eqr2.0.1
avaya:s8300avaya s8300eqcm_2.0
avaya:s8300avaya s8300eqcm_3.1
avaya:s8300avaya s8300eqr2.0.0
avaya:s8300avaya s8300eqr2.0.1
avaya:s8500avaya s8500eqcm_2.0
avaya:s8500avaya s8500eqcm_3.1

CPE	Name	Operator	Version
avaya:s8710	avaya s8710	eq	cm_2.0
avaya:s8710	avaya s8710	eq	cm_3.1
avaya:s8710	avaya s8710	eq	r2.0.0
avaya:s8710	avaya s8710	eq	r2.0.1
avaya:s8300	avaya s8300	eq	cm_2.0
avaya:s8300	avaya s8300	eq	cm_3.1
avaya:s8300	avaya s8300	eq	r2.0.0
avaya:s8300	avaya s8300	eq	r2.0.1
avaya:s8500	avaya s8500	eq	cm_2.0
avaya:s8500	avaya s8500	eq	cm_3.1