Authenticated Stored Cross-Site Scripting (XSS) Vulnerability
CVE-2024-30159

4.8MEDIUM

Key Information:

Vendor: Mitel
Status: Micollab
Vendor: CVE Published:; 21 October 2024

What is CVE-2024-30159?

A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.

References

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2024