Harrison Coale

**Name of the Vulnerable Software and Affected Versions** Mitel ST 14.2 versions GA29 (19.49.9400.0) and earlier **Description** The issue is related to insufficient validation for the "signin.php" page, which could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack. A successful exploit could enable an attacker to execute arbitrary scripts. The vulnerability is also described as being related to a lack of protection for the web page structure, which may allow a remote attacker to perform cross-site scripting attacks. **Recommendations** For Mitel ST 14.2 versions GA29 (19.49.9400.0) and earlier, consider implementing additional validation for the signin.php page to prevent reflected XSS attacks. As a temporary workaround, restrict access to the signin.php page until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.