What is CVE-2018-15614?

CVE-2018-15614 is a medium-severity vulnerability in Avaya Ip Office, classified under Cross-site Scripting. CVSS score: 6.8/10. Published 2019-01-23.

How severe is CVE-2018-15614?

Medium severity. CVSS v3 base score is 6.8 out of 10.

XSS in Avaya Ip Office

CVE-2018-15614

A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (41.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Avaya Ip Office — versions 10.x, 11.x

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

downloads.avaya.com/css/P8/documents/101054317 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-15614?: CVE-2018-15614 is a medium-severity vulnerability in Avaya Ip Office, classified under Cross-site Scripting. CVSS score: 6.8/10. Published 2019-01-23.
How severe is CVE-2018-15614?: Medium severity. CVSS v3 base score is 6.8 out of 10.