Cross-Site Scripting Vulnerability in Mitel MiContact Center Business
CVE-2020-24692

7.1HIGH

Key Information:

Vendor: Mitel
Status: Micontact Center Business
Vendor: CVE Published:; 25 September 2020

What is CVE-2020-24692?

The Ignite portal within Mitel MiContact Center Business before version 9.3.0.0 is susceptible to cross-site scripting due to inadequate input validation. This vulnerability enables attackers to execute arbitrary scripts in the context of a user session. Exploiting this weakness could allow unauthorized access to sensitive information, thereby compromising the security of the application. Users are advised to update their systems promptly and review security practices to mitigate potential risks.

References

https://www.mitel.com/support/security-advisories

x_refsource_MISC

https://www.mitel.com/support/security-advisories/mitel-p...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2020
Vulnerability Reserved
Aug 26, 2020