CVE-2021-27401Cross-site Scripting in Micollab

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 48.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mitel Micollab
Timeline
PublishedAug 13
Latest updateMay 24

Description

The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

NVDmitel/micollab< 9.2+1

🔴Vulnerability Details

2
GHSA
GHSA-2r9r-8hr4-8x64: The Join Meeting page of Mitel MiCollab Web Client before 92022-05-24
CVEList
CVE-2021-27401: The Join Meeting page of Mitel MiCollab Web Client before 92021-08-13
CVE-2021-27401 — Cross-site Scripting in Mitel Micollab | cvebase