CVE-2024-28070

MEDIUM

6.8

Description

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access.

Details CVE

Score CVSS v3.16.8

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurREQUIRED

Publie3/16/2024

Derniere modification6/2/2025

Sourcenvd

Observations honeypot0

Produits affectes

mitel:micontact_center_business

Faiblesses (CWE)

CWE-79

References

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0002(cve@mitre.org)

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0002(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.