CVE-2024-30159

Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.7.1.110

Description: The issue is related to insufficient validation of user input in the web conferencing component, allowing an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack. This could enable an attacker to execute arbitrary scripts. The vulnerability is associated with the lack of protection for the web page structure.

Recommendations: For versions through 9.7.1.110, consider disabling the web conferencing component until a patch is available to prevent potential exploitation. Restrict access to the web conferencing feature to minimize the risk of Stored Cross-Site Scripting (XSS) attacks. Avoid using the vulnerable component for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.