6.1
CVE-2024-52882
- EPSS 0.22%
- Veröffentlicht 07.02.2025 16:15:36
- Zuletzt bearbeitet 01.05.2025 14:25:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code (XSS) to attack logged-in administrator sessions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Audiocodes ≫ One Voice Operations Center Version < 8.4.582
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.119 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://www.audiocodes.com/solutions-products/products/management-products-solutions/one-voice-operations-center
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-076.txt