Vulnerabilities > Mitel > Mivoice Office 400
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-14 | CVE-2023-39292 | SQL Injection vulnerability in Mitel products A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations. | 9.8 |
| 2023-08-14 | CVE-2023-39293 | Command Injection vulnerability in Mitel products A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of the system. | 9.8 |
| 2018-10-23 | CVE-2018-16226 | Cross-site Scripting vulnerability in Mitel Mivoice Office 400 R5.0 A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. | 6.1 |