- Description
- A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing includes all 9.x versions before 9.1.10.
- Source
- securityalerts@avaya.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:avaya:equinox_conferencing:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9CCE0098-65C0-489B-A1C4-CEECBFDCF977",
"versionEndExcluding": "9.1.10",
"versionStartIncluding": "9.0.0"
}
],
"operator": "OR"
}
]
}
]