{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-07T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-03-31T09:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "22866", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22866"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-064.htm"}, {"name": "33297", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/33297"}, {"name": "24397", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24397"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1367", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "22866", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22866"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-064.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-064.htm"}, {"name": "33297", "refsource": "OSVDB", "url": "http://www.osvdb.org/33297"}, {"name": "24397", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24397"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:50:35.043Z"}, "title": "CVE Program Container", "references": [{"name": "22866", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22866"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-064.htm"}, {"name": "33297", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/33297"}, {"name": "24397", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24397"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1367", "datePublished": "2007-03-09T22:00:00.000Z", "dateReserved": "2007-03-09T00:00:00.000Z", "dateUpdated": "2024-08-07T12:50:35.043Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:avaya:s8710:cm_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "80FAA203-5F76-4C21-AC05-57514C431653", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8710:cm_3.1:*:*:*:*:*:*:*", "matchCriteriaId": "32CD9BFE-4442-4CF0-9139-F9D7F2BC7E58", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8710:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "68B1272B-8B71-4D2D-A5E4-0E7828500C22", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8710:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7C7B9C0-91A2-4529-B879-60DE043E719C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:avaya:s8300:cm_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D4D445B-498F-4513-A0F8-49B3E8D2D80A", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8300:cm_3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CFBC7428-E9E3-444D-908C-124746E673B3", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "20C0BD87-CE4B-49D2-89BE-EF282C43AD72", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3E6C4A8-59F4-43EE-8413-E95289037598", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8500:cm_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D558C4A-8656-47D6-BA5B-4B6BD9A8C6E4", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8500:cm_3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D421904B-2791-42C8-AAB5-BEAC5F954534", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE76357A-27E6-4D85-9AA0-1BB658C41568", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C56C5FDB-24E2-479D-87CA-164CD28567D3", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8700:cm_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDDAC89B-F0D4-4373-835F-99AF4F0BCF3F", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8700:cm_3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0042D294-4AF7-45F5-B356-13B72044D9B4", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEF6C16F-8EDF-4A24-BFEF-6A304D654EEB", "vulnerable": true}, {"criteria": "cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D982AE39-BB57-49E7-B5FE-5EF1ADE2F019", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la p\u00e1gina de autenticaci\u00f3n de los productos Avaya Communications Manager (CM) S87XX, S8500 y S8300 anteriores al 3.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el campo Login."}], "id": "CVE-2007-1367", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-03-09T22:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24397"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-064.htm"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/33297"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22866"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24397"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-064.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/33297"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22866"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}