{ "id": "CVE-2024-52882", "sourceIdentifier": "cve@mitre.org", "published": "2025-02-07T16:15:36.740", "lastModified": "2025-02-10T17:15:17.860", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code (XSS) to attack logged-in administrator sessions." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en AudioCodes One Voice Operations Center (OVOC) anterior a la versi\u00f3n 8.4.582. Debido a la neutralizaci\u00f3n incorrecta de la entrada a trav\u00e9s de la API de dispositivos, un atacante puede inyectar c\u00f3digo JavaScript malicioso (XSS) para atacar las sesiones de administrador iniciadas." } ], "metrics": { "cvssMetricV31": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 2.7 } ] }, "weaknesses": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "references": [ { "url": "https://www.audiocodes.com/solutions-products/products/management-products-solutions/one-voice-operations-center", "source": "cve@mitre.org" }, { "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-076.txt", "source": "cve@mitre.org" } ] }