CVE-2018-9104
 
Public Exploits: 0
Descriptions
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the api.php page. A successful exploit could allow an attacker to execute arbitrary scripts.
Timeline
- 2018-03-27 CVE Reserved
- 2018-04-25 CVE Published
- 2024-03-04 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (2)
URL | Date | SRC |
---|---|---|
https://www.mitel.com/mitel-product-security-advisory-18-0003 | 2018-05-24 | |
https://www.mitel.com/sites/default/files/2018-Security-Bulletin-18-0003-001.pdf | 2018-05-24 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Mitel | Mivoice Connect | <= 21.84.5535.0 | - | Affected |
Mitel | St 14.2 | <= 19.49.5200.0 | - | Affected |