Описание
A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 21.90.9743.0 (исключая)
Одно из
cpe:2.3:a:mitel:mivoice_connect:*:*:*:*:*:*:*:*
cpe:2.3:a:mitel:shoretel_conference_web:19.50.1000.0:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00222
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php.
EPSS
Процентиль: 45%
0.00222
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79