Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2007-1367 | First vendor Publication | 2007-03-09 |
Vendor | Cve | Last vendor Modification | 2008-09-05 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1367 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Hardware | 4 | |
Hardware | 4 | |
Hardware | 4 | |
Hardware | 4 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
33297 | Avaya Communications Manager Login Page XSS Avaya Communication Manager in Avaya S8300 Media Server, S8500 Media Server, and S87XX-Series Media Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not properly validate JavaScript input passed to the "Login" form field parameter on Communication Manager's login page. This could allow a user to execute arbitrary JavaScript code in the context of the affected application, leading to a loss of integrity. |
Sources (Detail)
Source | Url |
---|---|
BID | http://www.securityfocus.com/bid/22866 |
CONFIRM | http://support.avaya.com/elmodocs2/security/ASA-2007-064.htm |
OSVDB | http://www.osvdb.org/33297 |
SECUNIA | http://secunia.com/advisories/24397 |
Alert History
Date | Informations |
---|---|
2020-05-23 00:19:24 |
|
2016-06-28 16:16:35 |
|
2016-04-26 15:51:15 |
|
2013-05-11 10:20:24 |
|