Vulnerabilities > Mitel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-06 | CVE-2019-9593 | Cross-site Scripting vulnerability in Mitel Connect Onsite 18.82.2000.0 A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 6.1 |
| 2019-03-06 | CVE-2019-9592 | Cross-site Scripting vulnerability in Mitel Connect Onsite 19.45.1602.0 A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 6.1 |
| 2019-03-06 | CVE-2019-9591 | Cross-site Scripting vulnerability in Mitel Connect Onsite 18.82.2000.0/19.45.1602.0 A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter. | 6.1 |
| 2018-10-23 | CVE-2018-16226 | Cross-site Scripting vulnerability in Mitel Mivoice Office 400 R5.0 A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. | 6.1 |
| 2018-10-23 | CVE-2018-15497 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mitel Mivoice 5330E Firmware 6.5.0.16 The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. | 9.8 |
| 2018-10-23 | CVE-2018-12901 | Cross-site Scripting vulnerability in Mitel ST Firmware A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. | 6.1 |
| 2018-07-13 | CVE-2016-6562 | Improper Certificate Validation vulnerability in Mitel Shortel Mobility Client 9.1.3.109 On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials. | 7.5 |
| 2018-05-22 | CVE-2018-3639 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | 5.5 |
| 2018-04-25 | CVE-2018-9104 | Cross-site Scripting vulnerability in Mitel Mivoice Connect and ST 14.2 A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the api.php page. | 6.1 |
| 2018-04-25 | CVE-2018-9103 | Cross-site Scripting vulnerability in Mitel Mivoice Connect and ST 14.2 A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. | 6.1 |