What is CVE-2021-25656?

CVE-2021-25656 is a medium-severity vulnerability in Avaya Aura_experience_portal, classified under Cross-site Scripting. CVSS score: 5.3/10. Published 2021-06-24.

How severe is CVE-2021-25656?

Medium severity. CVSS v3 base score is 5.3 out of 10.

XSS in Avaya Aura_experience_portal

CVE-2021-25656

Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (wit…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (25.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Avaya Aura_experience_portal — versions 8.0.0
Avaya Product — versions 8.0, 7.2.3

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

securityalerts@avaya.com (Patch, x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-25656?: CVE-2021-25656 is a medium-severity vulnerability in Avaya Aura_experience_portal, classified under Cross-site Scripting. CVSS score: 5.3/10. Published 2021-06-24.
How severe is CVE-2021-25656?: Medium severity. CVSS v3 base score is 5.3 out of 10.