First published: Mon Mar 02 2020(Updated: )
A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A successful exploit could allow an attacker to execute arbitrary scripts.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mitel Micollab | <9.0.15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this cross-site scripting (XSS) vulnerability is CVE-2019-19370.
The affected software for this vulnerability is Mitel MiCollab version up to 9.0.15 for Android.
The severity level of CVE-2019-19370 is medium (6.1).
An unauthenticated attacker can exploit this vulnerability by conducting a reflected cross-site scripting (XSS) attack through the file upload interface.
Yes, Mitel has released a fix for this vulnerability. It is recommended to update to version 9.0.15 or higher for Android.