Mitel · Mitel MiVoice Connect · CVE-2023-25599
**Name of the Vulnerable Software and Affected Versions**
Mitel MiVoice Connect versions through 19.3 SP2
Mitel MiVoice Connect version 22.24.1500.0
**Description**
The issue is related to insufficient validation for the `test_presenter.php` page, which could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack. A successful exploit could allow an attacker to execute arbitrary scripts. The vulnerability is also associated with inadequate protection of the web page structure, potentially allowing a remote attacker to access user conference information.
**Recommendations**
For Mitel MiVoice Connect versions through 19.3 SP2, update to a version that addresses the insufficient validation issue.
For Mitel MiVoice Connect version 22.24.1500.0, update to a version that addresses the insufficient validation issue.
As a temporary workaround, consider restricting access to the `test_presenter.php` page until a patch is available.
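
One way to confirm that the temporary restriction is in effect is to audit the web server's access log for requests to the page that were still served to clients outside the permitted networks. The following is an added example, not code from Mitel or from this advisory. It assumes a common/combined-format access log; the allowlisted network, the URL directory, the `q` parameter and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: networks that are still permitted to reach the page.
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
TARGET = "test_presenter.php"
# Common/combined log format: client, request line, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def is_allowed(client):
    """True if the client address is inside an allowlisted network."""
    try:
        ip = ipaddress.ip_address(client)
    except ValueError:
        return False  # hostname or garbage: treat as not allowlisted
    return any(ip in net for net in ALLOWED_NETS)

def audit(lines):
    """Return requests to TARGET that were served (2xx) to a client
    outside ALLOWED_NETS, i.e. evidence the restriction is not working."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, _method, raw_url, status = m.groups()
        raw_path, _, raw_query = raw_url.partition("?")
        # Decode and lowercase so variants such as %5F or mixed case match;
        # matching a path segment also covers trailing PATH_INFO.
        if TARGET not in unquote(raw_path).lower().split("/"):
            continue
        if is_allowed(client) or not status.startswith("2"):
            continue
        # Markup characters in the decoded query suggest XSS probing.
        markup = bool(re.search(r"[<>\"']", unquote(raw_query)))
        findings.append({"client": client, "status": int(status),
                         "markup_in_query": markup})
    return findings

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /test_presenter.php?q=%3Cb%3E HTTP/1.1" 200 512',
    '10.1.2.3 - - [01/Jan/2024:10:00:05 +0000] "GET /test_presenter.php HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /test%5Fpresenter.php HTTP/1.1" 403 199',
    '198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "GET /Test%5Fpresenter.PHP?x=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

An empty result over a log window that follows the change indicates the restriction is blocking external requests; any finding means the page is still reachable from a non-allowlisted address.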