Avaya Spaces HTML Injection Vulnerability Allowing Information Disclosure and Content Modification

Vulnerability

A vulnerability allowing HTML injection has been identified in Avaya Spaces. This issue may have led to the unauthorized disclosure of sensitive information or allowed users to modify the content of pages they viewed. The vulnerability is present in the Avaya Spaces Web Client and APIs, which are scheduled for discontinuation on September 15, 2025.

Impact

Exploitation of this vulnerability could result in unauthorized information disclosure or unintended modifications to page content, potentially misleading users or altering their experience.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

4.5

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

4.5

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Avaya Spaces HTML Injection Vulnerability Allowing Information Disclosure and Content Modification

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating