CVE-2019-9593 – ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-9593
A reflected cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. ShoreTel Connect ONSITE versions prior to 19.49.1500.0 suffer from cross-site scripting and session fixation vulnerabilities.
• https://www.exploit-db.com/exploits/46666
• http://packetstormsecurity.com/files/152431/ShoreTel-Connect-ONSITE-Cross-Site-Scripting-Session-Fixation.html
• https://github.com/Ramikan/Vulnerabilities/blob/master/Shoretel%20Connect%20Multiple%20Vulnerability
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-9592 – ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-9592
A reflected cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. ShoreTel Connect ONSITE versions prior to 19.49.1500.0 suffer from cross-site scripting and session fixation vulnerabilities.
• https://www.exploit-db.com/exploits/46666
• http://packetstormsecurity.com/files/152431/ShoreTel-Connect-ONSITE-Cross-Site-Scripting-Session-Fixation.html
• https://github.com/Ramikan/Vulnerabilities/blob/master/Shoretel%20Connect%20Multiple%20Vulnerability
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-9591 – ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-9591
A reflected cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter. ShoreTel Connect ONSITE versions prior to 19.49.1500.0 suffer from cross-site scripting and session fixation vulnerabilities.
• https://www.exploit-db.com/exploits/46666
• http://packetstormsecurity.com/files/152431/ShoreTel-Connect-ONSITE-Cross-Site-Scripting-Session-Fixation.html
• https://github.com/Ramikan/Vulnerabilities/blob/master/Shoretel%20Connect%20Multiple%20Vulnerability
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-16226
https://notcve.org/view.php?id=CVE-2018-16226
A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the attacker to execute arbitrary scripts to access sensitive browser-based information.
• https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0008
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-15497
https://notcve.org/view.php?id=CVE-2018-15497
The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in the affected devices and probably remote code execution.
• https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0009
• https://www.nccgroup.trust/uk/our-research/technical-advisory-mitel-mivoice-5330e-memory-corruption-flaw
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer