1191 matches found
CVE-2025-67823
A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting XSS attack due to insufficient input validation. A successful exploit requires user...
PT-2026-3136
Name of the Vulnerable Software and Affected Versions Mitel MiContact Center Business versions through 10.2.0.10 Mitel CX versions through 1.1.0.1 Description A flaw exists in the Multimedia Email component that could allow an unauthenticated attacker to perform a Cross-Site Scripting XSS attack...
PT-2026-3135
Name of the Vulnerable Software and Affected Versions Mitel MiVoice MX-ONE versions 7.3.0.0.50 through 7.8.1.0.14 Description A flaw exists in the Provisioning Manager component that allows an unauthenticated attacker to bypass authentication. A successful exploit could grant unauthorized access ...
CVE-2025-67822
A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 7.3.0.0.50 through 7.8 SP1 7.8.1.0.14 could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanisms. A successful exploit could allow an attacker to gai...
Mitel MiVoice MX-ONE security vulnerabilities
Mitel MiVoice MX-ONE is a comprehensive communication solution provided by the Canadian company Mitel. Versions 7.3 to 7.8 SP1 of Mitel MiVoice MX-ONE contain security vulnerabilities. These vulnerabilities stem from improper authentication mechanisms, which may allow for bypasses during...
CVE-2025-67823
A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting XSS attack due to insufficient input validation. A successful exploit requires user...
CVE-2025-67823
CVE-2025-67823 affects Mitel MiContact Center Business up to version 10.2.0.10 and Mitel CX up to 1.1.0.1. The vulnerability is in the Multimedia Email component and stems from insufficient input validation, enabling an unauthenticated attacker to perform a Cross-Site Scripting (XSS) attack. A su...
CVE-2025-67822
The CVE‑2025‑67822 affects Mitel MiVoice MX‑ONE, Provisioning Manager: versions 7.3.0.0.50 through 7.8.1.0.14 exposed to an unauthenticated authentication bypass in the Provisioning Manager. The root cause is improper authentication mechanisms, enabling an attacker to gain unauthorized access to ...
CVE-2025-67822
A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 7.3.0.0.50 through 7.8 SP1 7.8.1.0.14 could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanisms. A successful exploit could allow an attacker to gai...
CVE-2023-25597
A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to...
CVE-2023-25599
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient validation for the testpresenter.php page. A successful exploit could allow an...
CVE-2023-25598
A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient validation for the home.php page. A successful...
CVE-2023-31459
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password...
CVE-2025-23093
The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V11 through R0.22.1 could allow an authenticated attacker to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an...
CVE-2022-26143
The TP-240 aka tp240dvr component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service performance degradation and excessive outbound traffic. This was exploited in the wild in February...
CVE-2008-6797
The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2019-18863
A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercep...
CVE-2020-12679
A reflected cross-site scripting XSS vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATHINFO to home.php...
CVE-2020-10211
A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters. A successful exploit could allow an attacker to gain access to sensitive...
CVE-2020-10377
A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials...