cvedb.io
CVE-2018-15614
MEDIUM · CVSS 6.8
EPSS exploitation probability: 0%
Published 2019-01-23T17:29:00.397 · Last modified 2026-06-17T01:42:50.710

Summary

A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1.

Affected products

avaya — ip_office

Does this affect you?

Add your gear to cvedb and we'll alert you only when avaya ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.