CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-25599
https://notcve.org/view.php?id=CVE-2023-25599
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31457
https://notcve.org/view.php?id=CVE-2023-31457
A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31458
https://notcve.org/view.php?id=CVE-2023-31458
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0005 •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-40765 – Mitel MiVoice Connect Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-40765
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. Una vulnerabilidad en el componente Edge Gateway de Mitel MiVoice Connect hasta la versión 19.3 (22.22.6100.0) podría permitir que un atacante autenticado con acceso a la red interna lleve a cabo un ataque de inyección de comandos, debido a una restricción insuficiente de los parámetros de URL. The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0007 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41223 – Mitel MiVoice Connect Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-41223
The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. El componente de base de datos Director de MiVoice Connect hasta la versión 19.3 (22.22.6100.0) podría permitir a un atacante autenticado realizar un ataque de inyección de código a través de datos manipulados debido a restricciones insuficientes en el tipo de datos de la base de datos. The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008 • CWE-94: Improper Control of Generation of Code ('Code Injection') •