CVE-2021-25656

MEDIUM

Avaya Aura Experience Portal < 7.2.3 - XSS

Title source: rule

Description

Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).

References (1)

[Patch, Vendor Advisory] https://downloads.avaya.com/css/P8/documents/101076234

Scores

CVSS v3 5.3

EPSS 0.0015

EPSS Percentile 34.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-79

Status published

Affected Products (2)

avaya/aura_experience_portal < 7.2.3

avaya/aura_experience_portal

Timeline

Published Jun 24, 2021

Tracked Since Feb 18, 2026