Lucene search

[email protected]NVD:CVE-2007-1367

HistoryMar 09, 2007 - 10:19 p.m.

CVE-2007-1367

2007-03-0922:19:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

69.2%

JSON

Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field.

Affected configurations

Nvd

Node

avayas8710Matchcm_2.0

avayas8710Matchcm_3.1

avayas8710Matchr2.0.0

avayas8710Matchr2.0.1

AND

avayas8300Matchcm_2.0

avayas8300Matchcm_3.1

avayas8300Matchr2.0.0

avayas8300Matchr2.0.1

avayas8500Matchcm_2.0

avayas8500Matchcm_3.1

avayas8500Matchr2.0.0

avayas8500Matchr2.0.1

avayas8700Matchcm_2.0

avayas8700Matchcm_3.1

avayas8700Matchr2.0.0

avayas8700Matchr2.0.1

VendorProductVersionCPE
avayas8710cm_2.0cpe:2.3:h:avaya:s8710:cm_2.0:*:*:*:*:*:*:*
avayas8710cm_3.1cpe:2.3:h:avaya:s8710:cm_3.1:*:*:*:*:*:*:*
avayas8710r2.0.0cpe:2.3:h:avaya:s8710:r2.0.0:*:*:*:*:*:*:*
avayas8710r2.0.1cpe:2.3:h:avaya:s8710:r2.0.1:*:*:*:*:*:*:*
avayas8300cm_2.0cpe:2.3:h:avaya:s8300:cm_2.0:*:*:*:*:*:*:*
avayas8300cm_3.1cpe:2.3:h:avaya:s8300:cm_3.1:*:*:*:*:*:*:*
avayas8300r2.0.0cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*
avayas8300r2.0.1cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*
avayas8500cm_2.0cpe:2.3:h:avaya:s8500:cm_2.0:*:*:*:*:*:*:*
avayas8500cm_3.1cpe:2.3:h:avaya:s8500:cm_3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
avaya	s8710	cm_2.0	cpe:2.3:h:avaya:s8710:cm_2.0:::::::*
avaya	s8710	cm_3.1	cpe:2.3:h:avaya:s8710:cm_3.1:::::::*
avaya	s8710	r2.0.0	cpe:2.3:h:avaya:s8710:r2.0.0:::::::*
avaya	s8710	r2.0.1	cpe:2.3:h:avaya:s8710:r2.0.1:::::::*
avaya	s8300	cm_2.0	cpe:2.3:h:avaya:s8300:cm_2.0:::::::*
avaya	s8300	cm_3.1	cpe:2.3:h:avaya:s8300:cm_3.1:::::::*
avaya	s8300	r2.0.0	cpe:2.3:h:avaya:s8300:r2.0.0:::::::*
avaya	s8300	r2.0.1	cpe:2.3:h:avaya:s8300:r2.0.1:::::::*
avaya	s8500	cm_2.0	cpe:2.3:h:avaya:s8500:cm_2.0:::::::*
avaya	s8500	cm_3.1	cpe:2.3:h:avaya:s8500:cm_3.1:::::::*

Rows per page:

1-10 of 161

References

secunia.com/advisories/24397

support.avaya.com/elmodocs2/security/ASA-2007-064.htm

www.osvdb.org/33297

www.securityfocus.com/bid/22866

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

69.2%

JSON

Related for NVD:CVE-2007-1367

cve1 securityvulns1 cvelist1 prion1