PT-2019-19732 · Shoretel · Shoretel Connect Onsite

Ramikan

·

Publicado

2019-03-06

·

Atualizado

2022-10-07

·

CVE-2019-9591

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions ShoreTel Connect ONSITE versions prior to 19.49.1500.0
Description A reflected Cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter.
Recommendations For versions prior to 19.49.1500.0, update to version 19.49.1500.0 or later to resolve the issue.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-9591

Produtos afetados

Shoretel Connect Onsite