CVE-2018-15613 HIGH

CVE-2018-15613: Orchestration Designer Runtime Config XSS

Vendor Avaya
Product Orchestration Designer
Weakness CWE-79 · XSS
Published September 21, 2018
Last update August 5, 2024
View on NVD All CVEs

CVSS base score

8.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.

Key dates

02Disclosure timeline

September 21, 2018 CVE published
August 5, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-0976 WP Event Manager <= 3.1.41 - Reflected Cross-Site Scripting via plugin CVE-2025-62074 WordPress WPMobile.App plugin <= 11.71 - Cross Site Scripting (XSS) vulnerability CVE-2024-47782 Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover CVE-2023-51492 WordPress If-So Dynamic Content Personalization Plugin <= 1.6.3.1 is vulnerable to Cross Site Scripting (XSS) CVE-2024-34415 WordPress Thim Elementor Kit plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability