PT-2026-3136 · Mitel · Mitel MiContact Center Business, Mitel CX
Published: 2026-01-15 · Updated: 2026-01-17
CVE-2025-67823
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Mitel MiContact Center Business versions through 10.2.0.10
Mitel CX versions through 1.1.0.1
Description
A flaw exists in the Multimedia Email component that could allow an unauthenticated attacker to perform a Cross-Site Scripting (XSS) attack. This is due to inadequate input validation. A successful exploit requires user interaction with the email channel when it is enabled, potentially allowing an attacker to execute arbitrary scripts in the victim’s browser or desktop client application.
Recommendations
Update Mitel MiContact Center Business to a version later than 10.2.0.10.
Update Mitel CX to a version later than 1.1.0.1.
Fix
XSS
Affected Products
Mitel MiContact Center Business
Mitel CX