A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and previous versions, could allow an unauthenticated malicious user to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the malicious user to execute arbitrary scripts to access sensitive browser-based information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mitel mivoice office 400 r5.0 |