CVE-2020-25609 — Cross-site Scripting in Micollab

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.5%

top 34.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mitel Micollab

Timeline

PublishedDec 18

Latest updateMay 24

Description

The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDmitel/micollab< 9.2

🔴Vulnerability Details

GHSA

GHSA-5xj2-h84j-jqmg: The NuPoint Messenger Portal of Mitel MiCollab before 9↗2022-05-24

▶

CVEList

CVE-2020-25609: The NuPoint Messenger Portal of Mitel MiCollab before 9↗2020-12-18

▶