CVE-2007-1367

medium

Description

Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field.

References

http://www.securityfocus.com/bid/22866

http://www.osvdb.org/33297

http://support.avaya.com/elmodocs2/security/ASA-2007-064.htm

http://secunia.com/advisories/24397

Details

Source: Mitre, NVD

Published: 2007-03-09

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N