CVE-2018-12901

Name of the Vulnerable Software and Affected Versions Mitel ST 14.2 versions GA29 (19.49.9400.0) and earlier

Description The issue is related to insufficient validation for the "signin.php" page, which could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack. A successful exploit could enable an attacker to execute arbitrary scripts. The vulnerability is also described as being related to a lack of protection for the web page structure, which may allow a remote attacker to perform cross-site scripting attacks.

Recommendations For Mitel ST 14.2 versions GA29 (19.49.9400.0) and earlier, consider implementing additional validation for the signin.php page to prevent reflected XSS attacks. As a temporary workaround, restrict access to the signin.php page until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.