Reflected Cross-Site Scripting Vulnerability in Mitel MiVoice Connect
CVE-2023-25598
6.1MEDIUM
Summary
A vulnerability in the conferencing component of Mitel MiVoice Connect can allow an unauthenticated attacker to execute a reflected XSS attack. This occurs due to inadequate validation for the home.php page, enabling the possibility of executing arbitrary scripts. This security issue affects multiple versions of Mitel MiVoice Connect, posing risks to users if unpatched.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved