cvelist/2020/7xxx/CVE-2020-7033.json

{
   "CVE_data_meta": {
      "ASSIGNER": "securityalerts@avaya.com",
      "DATE_PUBLIC": "2020-11-10T05:00:00.000Z",
      "ID": "CVE-2020-7033",
      "STATE": "PUBLIC",
      "TITLE": "Avaya Equinox Conferencing XSS"
   },
   "affects": {
      "vendor": {
         "vendor_data": [
            {
               "product": {
                  "product_data": [
                     {
                        "product_name": "Avaya Equinox Conferencing",
                        "version": {
                           "version_data": [
                              {
                                 "affected": "<",
                                 "version_name": "9.x",
                                 "version_value": "9.1.10"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name": "Avaya"
            }
         ]
      }
   },
   "data_format": "MITRE",
   "data_type": "CVE",
   "data_version": "4.0",
   "description": {
      "description_data": [
         {
            "lang": "eng",
            "value": "A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing includes all 9.x versions before 9.1.10."
         }
      ]
   },
   "impact": {
      "cvss": {
         "attackComplexity": "LOW",
         "attackVector": "NETWORK",
         "availabilityImpact": "NONE",
         "baseScore": 6.3,
         "baseSeverity": "MEDIUM",
         "confidentialityImpact": "HIGH",
         "integrityImpact": "LOW",
         "privilegesRequired": "LOW",
         "scope": "UNCHANGED",
         "userInteraction": "REQUIRED",
         "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
         "version": "3.1"
      }
   },
   "problemtype": {
      "problemtype_data": [
         {
            "description": [
               {
                  "lang": "eng",
                  "value": "CWE-79 - Improper Neutralization of Input During Web Page Generation"
               }
            ]
         }
      ]
   },
   "references": {
      "reference_data": [
         {
            "name": "https://downloads.avaya.com/css/P8/documents/101072147",
            "refsource": "CONFIRM",
            "url": "https://downloads.avaya.com/css/P8/documents/101072147"
         }
      ]
   },
   "source": {
      "advisory": "ASA-2020-152"
   }
}