CVE-2021-25656

Summary

Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).

Affected Software

VendorProductVersion RangeStatus
AvayaProduct8.0affected
AvayaProduct7.2.3 < 7.0*affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

ADP Enrichment

CVE Program Container

Additional References

References