PT-2020-16993 · Mitel · Mitel Shoretel

Published: 2020-11-09 · Updated: 2020-11-18 · CVE-2020-28351

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Mitel ShoreTel version 19.46.1802.0

Description

The issue allows an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the time zone object in the HOME MEETING& page, specifically via the PATH_INFO to "index.php".

Recommendations

For Mitel ShoreTel version 19.46.1802.0, consider restricting access to the HOME MEETING& page until a patch is available, and avoid using the time zone object in this context to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-28351

Affected Products

Mitel Shoretel