Vulnerabilities > Mitel > Connect Onsite
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-06 | CVE-2019-9593 | Cross-site Scripting vulnerability in Mitel Connect Onsite 18.82.2000.0 A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 6.1 |
| 2019-03-06 | CVE-2019-9592 | Cross-site Scripting vulnerability in Mitel Connect Onsite 19.45.1602.0 A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 6.1 |
| 2019-03-06 | CVE-2019-9591 | Cross-site Scripting vulnerability in Mitel Connect Onsite 18.82.2000.0/19.45.1602.0 A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter. | 6.1 |
| 2018-03-14 | CVE-2018-5782 | Code Injection vulnerability in Mitel Connect Onsite and St14.2 A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. | 9.8 |
| 2018-03-14 | CVE-2018-5781 | Code Injection vulnerability in Mitel Connect Onsite and St14.2 A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. | 9.8 |
| 2018-03-14 | CVE-2018-5780 | Code Injection vulnerability in Mitel Connect Onsite and St14.2 A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. | 9.8 |
| 2018-03-14 | CVE-2018-5779 | Code Injection vulnerability in Mitel Connect Onsite and St14.2 A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. | 9.8 |