CVE-2020-24692

EUVD-2020-17406
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
mitelmicontact_center_business
𝑥
< 9.3.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.mitel.com/support/security-advisories
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0011
https://www.mitel.com/support/security-advisories
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0011