Description
A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.
Exploits (1)
exploitdb
WORKING POC
by Scott Goodwin · textwebappshardware
https://www.exploit-db.com/exploits/48105
Scores
CVSS v3
5.4
EPSS
0.0070
EPSS Percentile
72.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
avaya/ip_office_application_server
11.0 - 11.0.4.0
Published
Dec 12, 2019
Tracked Since
Feb 18, 2026