CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-12756: Avaya Spaces HTML injection (HTMLi) Vulnerability

7.3 CVSS

Description

An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user.

Classification

CVE ID: CVE-2024-12756

CVSS Base Severity: HIGH

CVSS Base Score: 7.3

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

Affected Products

Vendor: Avaya

Product: Avaya Spaces

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.94% (scored less or equal to compared to others)

EPSS Date: 2025-03-12 (when was this score calculated)

References

https://support.avaya.com/css/public/documents/101091836

Timeline

2025-02-12 00:31:31 UTC
CVE

Avaya Spaces HTML injection (HTMLi) Vulnerability