Mitel MiContact Center Business Vulnerability: Unauthenticated Stored XSS Attack
CVE-2024-35283

6.1MEDIUM

Key Information:

Vendor: Mitel
Status: Micontact Center Business
Vendor: CVE Published:; 29 May 2024

What is CVE-2024-35283?

A vulnerability has been identified in the Ignite component of Mitel's MiContact Center Business software. This issue arises from insufficient input validation, enabling unauthenticated attackers to potentially execute stored cross-site scripting (XSS) attacks. Such vulnerabilities can allow attackers to inject malicious scripts into web pages viewed by users, leading to serious security risks including data theft and unauthorized actions performed on behalf of legitimate users.

References

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2024