Stored XSS Vulnerability in Atos Unify OpenScape UC Application V9 and V10

Stored XSS Vulnerability in Atos Unify OpenScape UC Application V9 and V10

CVE-2019-19865 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload.

Learn more about our User Device Pen Test.