CVE-2020-25606Improper Input Validation in Micollab

CWE-20Improper Input ValidationCWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 41.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mitel Micollab
Timeline
PublishedDec 18
Latest updateMay 24

Description

The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

NVDmitel/micollab< 9.2

🔴Vulnerability Details

2
GHSA
GHSA-2vgw-q9j2-j47q: The AWV component of Mitel MiCollab before 92022-05-24
CVEList
CVE-2020-25606: The AWV component of Mitel MiCollab before 92020-12-18
CVE-2020-25606 — Improper Input Validation in Micollab | cvebase