Описание
A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.
Уязвимые конфигурации
Конфигурация 1Версия до ga28 (включая)
cpe:2.3:a:mitel:st14.2:*:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01441
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.
EPSS
Процентиль: 80%
0.01441
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-434