CVE-2024-12756

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Feb 11, 2025

CWE ID 74

Summary

CVE-2024-12756 is a newly identified HTML Injection vulnerability affecting Avaya Spaces. This issue permits an attacker to potentially disclose sensitive information or manipulate the content displayed to users on the platform, posing a significant risk to data privacy and security. The vulnerability arises due to insufficient input validation, which allows malicious HTML code to be injected into pages, leading to unintended consequences. Avaya has released a patch to address this vulnerability, and users are strongly urged to apply it as soon as possible to mitigate potential risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1uMqC8
https://www.cve.org/CVERecord?id=CVE-2024-12756
https://nvd.nist.gov/vuln/detail/CVE-2024-12756

Back to Vulnerability Database

CVE-2024-12756

CVSS 3.1 Score 7.3 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations