CVE-2019-19370: XSS
First published: Mon Mar 02 2020(Updated: )
A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A successful exploit could allow an attacker to execute arbitrary scripts.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitel Micollab | <9.0.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this cross-site scripting (XSS) vulnerability?
The vulnerability ID for this cross-site scripting (XSS) vulnerability is CVE-2019-19370.
What is the affected software for this vulnerability?
The affected software for this vulnerability is Mitel MiCollab version up to 9.0.15 for Android.
What is the severity level of CVE-2019-19370?
The severity level of CVE-2019-19370 is medium (6.1).
How can an unauthenticated attacker exploit this vulnerability?
An unauthenticated attacker can exploit this vulnerability by conducting a reflected cross-site scripting (XSS) attack through the file upload interface.
Is there a fix available for this vulnerability?
Yes, Mitel has released a fix for this vulnerability. It is recommended to update to version 9.0.15 or higher for Android.
- collector/nvd-index
- vendor/mitel
- canonical/mitel micollab