Reflected Cross-Site Scripting Vulnerability in Mitel MiVoice Connect
CVE-2023-25599

7.4HIGH

Key Information:

Vendor: Mitel
Status: Mivoice Connect
Vendor: CVE Published:; 24 May 2023

Summary

A vulnerability exists in the conferencing component of Mitel MiVoice Connect versions 19.3 SP2 and 22.24.1500.0, enabling unauthenticated attackers to perform reflected cross-site scripting (XSS) attacks. This vulnerability arises due to insufficient input validation on the test_presenter.php page. If successfully exploited, it permits an attacker to execute arbitrary scripts within the context of the affected user, posing a significant security risk.

References

https://www.mitel.com/support/security-advisories

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 24, 2023
Vulnerability Reserved
Feb 8, 2023