3 results (0.007 seconds)

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0009 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0008 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the attacker to execute arbitrary scripts to access sensitive browser-based information. Una vulnerabilidad en el componente web admin de Mitel MiVoice Office 400, en versiones R5.0 HF3 (v8839a1) y anteriores, podría permitir que un atacante no autenticado lleve a cabo un ataque Cross-Site Scripting (XSS) reflejado debido a la validación insuficiente de la página start.asp. Su explotación con éxito podría permitir al atacante ejecutar scripts arbitrarios para acceder a información sensible del navegador. • https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •