CVE-2024-12756
Avaya Spaces HTML injection (HTMLi) Vulnerability
Severity Score
7.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user.
*Credits:
Waleed Elnawawy from Dubai Islamic Bank, Mostafa Noureldin from Liquid C2 Egypt
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-12-18 CVE Reserved
- 2025-02-11 CVE Published
- 2025-02-12 CVE Updated
- 2025-02-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
- CAPEC-137: Parameter Injection
References (1)
| URL | Tag | Source |
|---|---|---|
| https://support.avaya.com/css/public/documents/101091836 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Avaya Search vendor "Avaya" | Avaya Spaces Search vendor "Avaya" for product "Avaya Spaces" | 0 Search vendor "Avaya" for product "Avaya Spaces" and version "0" | en |
Affected
| ||||||