CVE-2024-30160

A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mitel:micollab:*:*:*:*:*:*:*:*

History

25 Oct 2024, 16:30

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8
CPE cpe:2.3:a:mitel:micollab:*:*:*:*:*:*:*:*
CWE CWE-79
References () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0005 - () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0005 - Vendor Advisory
First Time Mitel
Mitel micollab

23 Oct 2024, 15:12

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en el componente Suite Applications Services de Mitel MiCollab hasta la versión 9.7.1.110 podría permitir que un atacante autenticado con privilegios administrativos realice un ataque de Cross Site Scripting (XSS) Almacenado debido a una validación insuficiente de la entrada del usuario. Una explotación exitosa podría permitir que un atacante ejecute secuencias de comandos arbitrarias.

21 Oct 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-21 21:15

Updated : 2024-10-25 16:30


NVD link : CVE-2024-30160

Mitre link : CVE-2024-30160

CVE.ORG link : CVE-2024-30160


JSON object : View

Products Affected

mitel

  • micollab
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')