PT-2023-2919 · Mitel · Mitel Mivoice Connect

Leonardo Ferreira · Published 2023-05-17 · Updated 2025-01-16 · CVE-2023-25599

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Mitel MiVoice Connect versions through 19.3 SP2
Mitel MiVoice Connect version 22.24.1500.0

Description

The issue is related to insufficient validation for the test presenter.php page, which could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack. A successful exploit could allow an attacker to execute arbitrary scripts. The vulnerability is also associated with inadequate protection of the web page structure, potentially allowing a remote attacker to access user conference information.

Recommendations

For Mitel MiVoice Connect versions through 19.3 SP2, update to a version that addresses the insufficient validation issue. For Mitel MiVoice Connect version 22.24.1500.0, update to a version that addresses the insufficient validation issue. As a temporary workaround, consider restricting access to the test presenter.php page until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-02888
CVE-2023-25599

Affected Products

Mitel Mivoice Connect