First published: Tue Oct 23 2018
A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the attacker to execute arbitrary scripts to access sensitive browser-based information.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mitel MiVoice Office 400 | =r5.0-hotfix3 |
CVE-2018-16226 is a vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, that could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack.
CVE-2018-16226 has a severity rating of 6.1, which is considered medium.
CVE-2018-16226 affects Mitel MiVoice Office 400 versions R5.0 HF3 (v8839a1) and earlier.
The impact of CVE-2018-16226 is that an unauthenticated attacker could conduct a reflected cross-site scripting (XSS) attack.
Mitel has released a hotfix to address the vulnerability. Refer to Mitel Product Security Advisory 18-0008 for more information.