CVE-2019-19371 — Cross-site Scripting in Micollab Audio WEB Video Conferencing

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 44.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mitel Micollab Audio WEB Video Conferencing

Timeline

PublishedMar 2

Latest updateMay 24

Description

A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A successful exploit could allow an attacker to execute arbitrary scripts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDmitel/micollab_audio_web_video_conferencing8.1 — 8.1.1.11+1

🔴Vulnerability Details

GHSA

GHSA-4c4v-jcwm-2qpx: A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8↗2022-05-24

▶

CVEList

CVE-2019-19371: A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8↗2020-03-02

▶