Lucene search
+L

6 matches found

Nuclei
Nuclei
added yesterday76 views

Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting

Mitel ShoreTel 19.46.1802.0 devices and their conference component are vulnerable to an unauthenticated attacker conducting reflected cross-site scripting attacks via the PATHINFO variable to index.php due to insufficient validation for the timezone object in the HOMEMEETING& page. id:...

6.1CVSS6.3AI score0.15987EPSS
Exploits3References5
RedhatCVE
RedhatCVE
added 2025/05/22 4:17 p.m.29 views

CVE-2020-28351

The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack via the PATHINFO to index.php due to insufficient validation for the timezone object in the HOMEMEETING& page...

6.1CVSS6AI score0.15987EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/11/10 12:0 a.m.357 views

ShoreTel Conferencing 19.46.1802.0 Cross Site Scripting

Exploit Title: ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting Date: 11/8/2020 Exploit Author: Joe Helle Vendor Homepage: https://www.mitel.com/articles/what-happened-shoretel-products Version: 19.46.1802.0 Tested on: Linux CVE: 2020-28351 PoC: The conferencing component on...

6.4AI score0.15987EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/11/10 12:0 a.m.326 views

ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting

Exploit Title: ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting Date: 11/8/2020 Exploit Author: Joe Helle Vendor Homepage: https://www.mitel.com/articles/what-happened-shoretel-products Version: 19.46.1802.0 Tested on: Linux CVE: 2020-28351 PoC: The conferencing component on...

6.1CVSS6.3AI score0.15987EPSS
Exploits3
NVD
NVD
added 2020/11/09 4:15 a.m.29 views

CVE-2020-28351

The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack via the PATHINFO to index.php due to insufficient validation for the timezone object in the HOMEMEETING& page...

6.1CVSS6.1AI score0.15987EPSS
Exploits3References3
CVE
CVE
added 2020/11/09 3:58 a.m.123 views

CVE-2020-28351

Mitel ShoreTel 19.46.1802.0 devices are affected by CVE-2020-28351: an unauthenticated attacker can perform a reflected XSS via PATH_INFO to index.php due to insufficient validation of the time_zone object in the HOME_MEETING& page. Multiple sources (including Exploit-DB) provide a PoC showing a ...

6.1CVSS6AI score0.15987EPSS
Exploits3References3Affected Software1
Rows per page
Query Builder