Mitel MiContact Center Business Vulnerability: Unauthenticated Stored XSS Attack

CVE-2024-35283

Summary

A vulnerability has been identified in the Ignite component of Mitel's MiContact Center Business software. This issue arises from insufficient input validation, enabling unauthenticated attackers to potentially execute stored cross-site scripting (XSS) attacks. Such vulnerabilities can allow attackers to inject malicious scripts into web pages viewed by users, leading to serious security risks including data theft and unauthorized actions performed on behalf of legitimate users.

References