CVE-2020-28351

Published: 09/11/2020 Updated: 18/11/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector (CVSS v2): AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated malicious user to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page.

Vulnerable Product

mitel shoretel_firmware 19.46.1802.0

Exploits

ShoreTel Conferencing version 19.46.1802.0 suffers from a cross site scripting vulnerability ...

Github Repositories

CVE-2020-28351 - Reflected Cross-Site Scripting attack in ShoreTel version 19.46.1802.0.

ShoreTel 19.46.1802.0 Reflected Cross Site Scripting Attack. The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting attack (XSS) via the PATH_INFO to index.php, due to insufficient validation for the time_zone object in the HOME_MEETING& page. Vulnerable payload: /index.php/%22%