CVE-2024-30159

A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mitel:micollab:*:*:*:*:*:*:*:*

History

25 Oct 2024, 16:30

Type Values Removed Values Added
CPE cpe:2.3:a:mitel:micollab:*:*:*:*:*:*:*:*
References () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0005 - () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0005 - Vendor Advisory
First Time Mitel micollab
Mitel
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8
CWE CWE-79

23 Oct 2024, 15:12

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en el componente de conferencias web de Mitel MiCollab hasta la versión 9.7.1.110 podría permitir que un atacante autenticado con privilegios administrativos realice un ataque de Cross Site Scripting (XSS) almacenado debido a una validación insuficiente de la entrada del usuario. Una explotación exitosa podría permitir que un atacante ejecute secuencias de comandos arbitrarias.

21 Oct 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-21 21:15

Updated : 2024-10-25 16:30


NVD link : CVE-2024-30159

Mitre link : CVE-2024-30159

CVE.ORG link : CVE-2024-30159


JSON object : View

Products Affected

mitel

  • micollab
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')