58 matches found
Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting
Mitel ShoreTel 19.46.1802.0 devices and their conference component are vulnerable to an unauthenticated attacker conducting reflected cross-site scripting attacks via the PATHINFO variable to index.php due to insufficient validation for the timezone object in the HOMEMEETING& page. id:...
CVE-2020-12679
A reflected cross-site scripting XSS vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATHINFO to home.php...
EUVD-2019-18963
Malware in sbrugna...
EUVD-2019-18962
Malware in sbrugna...
EUVD-2019-18964
Malware in sbrugna...
EUVD-2020-20812
Malware in sbrugna...
EUVD-2020-4975
Malware in sbrugna...
EUVD-2016-7483
Malware in sbrugna...
CVE-2020-28351
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack via the PATHINFO to index.php due to insufficient validation for the timezone object in the HOMEMEETING& page...
Mitel ShoreTel conferencing component cross-site scripting vulnerability
Mitel Connect Mitel ShoreTel is a software for office communication from Mitel Canada. The software provides access to corporate contacts, support for selecting contacts to open meetings, and an interface to manage calls and voicemail. A cross-site scripting vulnerability exists in the conferenci...
ShoreTel Conferencing 19.46.1802.0 Cross Site Scripting
Exploit Title: ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting Date: 11/8/2020 Exploit Author: Joe Helle Vendor Homepage: https://www.mitel.com/articles/what-happened-shoretel-products Version: 19.46.1802.0 Tested on: Linux CVE: 2020-28351 PoC: The conferencing component on...
ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting
Exploit Title: ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting Date: 11/8/2020 Exploit Author: Joe Helle Vendor Homepage: https://www.mitel.com/articles/what-happened-shoretel-products Version: 19.46.1802.0 Tested on: Linux CVE: 2020-28351 PoC: The conferencing component on...
CVE-2020-28351
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack via the PATHINFO to index.php due to insufficient validation for the timezone object in the HOMEMEETING& page...
CVE-2020-28351
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack via the PATHINFO to index.php due to insufficient validation for the timezone object in the HOMEMEETING& page...
Cross site scripting
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack via the PATHINFO to index.php due to insufficient validation for the timezone object in the HOMEMEETING& page...
CVE-2020-28351
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack via the PATHINFO to index.php due to insufficient validation for the timezone object in the HOMEMEETING& page...
CVE-2020-28351
Mitel ShoreTel 19.46.1802.0 devices are affected by CVE-2020-28351: an unauthenticated attacker can perform a reflected XSS via PATH_INFO to index.php due to insufficient validation of the time_zone object in the HOME_MEETING& page. Multiple sources (including Exploit-DB) provide a PoC showing a ...
Mitel Networks ShoreTel Conference Cross-Site Scripting Vulnerability
Mitel Networks ShoreTel Conference is a suite of teleconferencing solutions from Mitel Networks Canada. A cross-site scripting vulnerability exists in the home.php file in Mitel Networks ShoreTel Conference version 19.50.1000.0. A remote attacker can exploit this vulnerability to inject arbitrary...
CVE-2020-12679
A reflected cross-site scripting XSS vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATHINFO to home.php...
CVE-2020-12679
A reflected cross-site scripting XSS vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATHINFO to home.php...