CVE-2024-28070

Name of the Vulnerable Software and Affected Versions Mitel MiContact Center Business versions through 10.0.0.4

Description A vulnerability in the legacy chat component could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access.

Recommendations For versions through 10.0.0.4, consider disabling the legacy chat component as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. Avoid using the legacy chat component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.