CVE-2020-25611

EUVD-2020-18290
The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Successful exploitation could allow an attacker to view user conference information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
mitelmicollab
𝑥
< 9.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.mitel.com/support/security-advisories
https://www.mitel.com/support/security-advisories