CVE-2020-28351
published 2020-11-09CVE-2020-28351: The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS)…
PriorityP347medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
15.99%
96.5th percentile
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mitel | shoretel_firmware | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting
exploitdb·2020-11-10·CVSS 6.1
CVE-2020-28351 [MEDIUM] ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting
ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting
---
# Exploit Title: ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting
# Date: 11/8/2020
# Exploit Author: Joe Helle
# Vendor Homepage: https://www.mitel.com/articles/what-happened-shoretel-products
# Version: 19.46.1802.0
# Tested on: Linux
# CVE: 2020-28351
PoC:
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could
allow an unauthenticated attacker to conduct a reflected cross-site
scripting attack (XSS) via the PATH_INFO to index.php, due to insufficient
validation for the time_zone object in the HOME_MEETING& page.
Vulnerable payload
/index.php/%22%20onmouseover=alert(document.domain)%20?page=HOME
Vulnerability is in the HOME_MEETINGS& page, where a time_zone dropdown
object is
Nuclei
Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2020-28351 [MEDIUM] Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting
Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting
Mitel ShoreTel 19.46.1802.0 devices and their conference component are vulnerable to an unauthenticated attacker conducting reflected cross-site scripting attacks via the PATH_INFO variable to index.php due to insufficient validation for the time_zone object in the HOME_MEETING& page.
Template:
id: CVE-2020-28351
info:
name: Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting
author: pikpikcu
severity: medium
description: |
Mitel ShoreTel 19.46.1802.0 devices and their conference component are vulnerable to an unauthenticated attacker conducting reflected cross-site scripting attacks via the PATH_INFO variable to index.php due to insufficient validation for the time_zone object in the HOME_MEETING& page.
impact: |
Succes
No writeups or analysis indexed.
http://packetstormsecurity.com/files/159987/ShoreTel-Conferencing-19.46.1802.0-Cross-Site-Scripting.htmlhttps://github.com/dievus/cve-2020-28351https://www.mitel.com/articles/what-happened-shoretel-productshttp://packetstormsecurity.com/files/159987/ShoreTel-Conferencing-19.46.1802.0-Cross-Site-Scripting.htmlhttps://github.com/dievus/cve-2020-28351https://www.mitel.com/articles/what-happened-shoretel-products
2020-11-09
Published