CVE-2018-9103

Name of the Vulnerable Software and Affected Versions Mitel MiVoice Connect versions R1707-PREM SP1 (21.84.5535.0) and earlier Mitel ST 14.2 versions GA27 (19.49.5200.0) and earlier

Description The issue is related to insufficient validation for the "signin.php" page, which could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack. A successful exploit could allow an attacker to execute arbitrary scripts.

Recommendations For Mitel MiVoice Connect versions R1707-PREM SP1 (21.84.5535.0) and earlier, update to a version later than R1707-PREM SP1 (21.84.5535.0) to resolve the issue. For Mitel ST 14.2 versions GA27 (19.49.5200.0) and earlier, update to a version later than GA27 (19.49.5200.0) to resolve the issue. As a temporary workaround, consider restricting access to the signin.php page until a patch is available.