Mitel MiContact Center Business Vulnerability: Unauthenticated Stored XSS Attack
CVE-2024-35283

6.1MEDIUM

Key Information:

Vendor

Mitel
Status
Micontact Center Business
Vendor
CVE Published:
29 May 2024

What is CVE-2024-35283?

A vulnerability has been identified in the Ignite component of Mitel's MiContact Center Business software. This issue arises from insufficient input validation, enabling unauthenticated attackers to potentially execute stored cross-site scripting (XSS) attacks. Such vulnerabilities can allow attackers to inject malicious scripts into web pages viewed by users, leading to serious security risks including data theft and unauthorized actions performed on behalf of legitimate users.

References

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

JSON
.
CVE-2024-35283 : Mitel MiContact Center Business Vulnerability: Unauthenticated Stored XSS Attack