Mitel Mivoice Connect vulnerabilities
22 known vulnerabilities affecting mitel/mivoice_connect.
Total CVEs
22
CISA KEV
3
actively exploited
Public exploits
0
Exploited in wild
3
Severity breakdown
CRITICAL5HIGH4MEDIUM13
Vulnerabilities
Page 2 of 2
CVE-2020-12679P4MEDIUMCVSS 6.1fixed in 21.90.9743.02020-05-07
CVE-2020-12679 [MEDIUM] CWE-79 CVE-2020-12679: A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Applicatio
A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php.
nvd
CVE-2023-39285P4MEDIUMCVSS 4.3fixed in 22.24.7100.02023-09-14
CVE-2023-39285 [MEDIUM] CWE-352 CVE-2023-39285: A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system
nvd
← Previous2 / 2