Mitel MiContact Center Business Vulnerability: Reflected XSS Attack
CVE-2024-28070

6.8MEDIUM

Key Information:

Vendor

Mitel
Status
Micontact Center Business
Vendor
CVE Published:
16 March 2024

What is CVE-2024-28070?

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access.

References

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2024-28070 : Mitel MiContact Center Business Vulnerability: Reflected XSS Attack