CVE-2007-1367

CVSS 4.3 - MEDIUM
Description

Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field.

Affected Products
16
Vendor Product Version
avaya s8710 cm_2.0
avaya s8710 cm_3.1
avaya s8710 r2.0.0
avaya s8710 r2.0.1
avaya s8300 cm_2.0
avaya s8300 cm_3.1
avaya s8300 r2.0.0
avaya s8300 r2.0.1
avaya s8500 cm_2.0
avaya s8500 cm_3.1
avaya s8500 r2.0.0
avaya s8500 r2.0.1
avaya s8700 cm_2.0
avaya s8700 cm_3.1
avaya s8700 r2.0.0
avaya s8700 r2.0.1
References
http://secunia.com/advisories/24397
http://support.avaya.com/elmodocs2/security/ASA-20...
http://www.osvdb.org/33297
http://www.securityfocus.com/bid/22866
http://secunia.com/advisories/24397
http://support.avaya.com/elmodocs2/security/ASA-20...
http://www.osvdb.org/33297
http://www.securityfocus.com/bid/22866
Weakness Types
NVD-CWE-Other
CVE Information
CVE ID:
CVE-2007-1367
Published:
2007-03-09
Modified:
2026-04-23
CVSS Score:
4.3
Severity:
MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Vendors
avaya
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL