CVE-2023-25598

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-25598
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful exploit could allow an attacker to execute arbitrary scripts.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.mitel.com/support/security-advisories Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0003 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mitel:mivoice_connect:*:*:*:*:*:*:*:*
History

01 Jun 2023, 02:08

Type Values Removed Values Added
First Time Mitel
Mitel mivoice Connect
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.1
CWE CWE-79
CPE cpe:2.3:a:mitel:mivoice_connect:*:*:*:*:*:*:*:*
References (MISC) https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0003 - (MISC) https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0003 - Vendor Advisory
References (MISC) https://www.mitel.com/support/security-advisories - (MISC) https://www.mitel.com/support/security-advisories - Vendor Advisory

24 May 2023, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-05-24 20:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-25598

Mitre link : CVE-2023-25598

CVE.ORG link : CVE-2023-25598

JSON object : View

Products Affected

mitel

  • mivoice_connect
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')