Vulnerabilities > Mitel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-06 | CVE-2019-9593 | Cross-site Scripting vulnerability in Mitel Connect Onsite 18.82.2000.0 A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 6.1 |
| 2019-03-06 | CVE-2019-9592 | Cross-site Scripting vulnerability in Mitel Connect Onsite 19.45.1602.0 A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 6.1 |
| 2019-03-06 | CVE-2019-9591 | Cross-site Scripting vulnerability in Mitel Connect Onsite 18.82.2000.0/19.45.1602.0 A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter. | 6.1 |
| 2018-10-23 | CVE-2018-16226 | Cross-site Scripting vulnerability in Mitel Mivoice Office 400 R5.0 A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. | 6.1 |
| 2018-10-23 | CVE-2018-12901 | Cross-site Scripting vulnerability in Mitel ST Firmware A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. | 6.1 |
| 2018-05-22 | CVE-2018-3639 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | 5.5 |
| 2018-04-25 | CVE-2018-9104 | Cross-site Scripting vulnerability in Mitel Mivoice Connect and ST 14.2 A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the api.php page. | 6.1 |
| 2018-04-25 | CVE-2018-9103 | Cross-site Scripting vulnerability in Mitel Mivoice Connect and ST 14.2 A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. | 6.1 |
| 2018-04-25 | CVE-2018-9102 | SQL Injection vulnerability in Mitel Mivoice Connect and ST 14.2 A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the signin interface. | 6.5 |
| 2018-04-25 | CVE-2018-9101 | Cross-site Scripting vulnerability in Mitel Mivoice Connect and ST 14.2 A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the launch_presenter.php page. | 6.1 |