Reflected Cross-Site Scripting Vulnerability in Mitel MiContact Center
CVE-2025-27828

7.1HIGH

Key Information:

Vendor

Mitel
Status
Mitel MiContact Center
Vendor
CVE Published:
24 June 2025

What is CVE-2025-27828?

A vulnerability exists in the legacy chat component of the Mitel MiContact Center that could be exploited through reflected cross-site scripting (XSS) attacks. Due to insufficient input validation, an unauthenticated attacker could execute arbitrary scripts if the user engages with specific malicious content. While the exploit necessitates user interaction, it poses risks to the confidentiality and integrity of the affected system.

References

https://www.mitel.com/support/security-advisories
https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-27828 : Reflected Cross-Site Scripting Vulnerability in Mitel MiContact Center