Cross-Site Scripting Vulnerability in Mitel MiCollab Web Client
CVE-2021-27401

6.1MEDIUM

Key Information:

Vendor

Mitel
Status
Micollab
Vendor
CVE Published:
13 August 2021

What is CVE-2021-27401?

The Join Meeting page of Mitel MiCollab Web Client versions prior to 9.2 FP2 is susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw arises from insufficient input validation, permitting attackers to execute arbitrary code. Exploiting this vulnerability could lead to unauthorized access, enabling attackers to view and modify user data.

References

https://www.mitel.com/support/security-advisories
x_refsource_MISC
https://www.mitel.com/support/security-advisories/mitel-p...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.