First published: Fri Sep 25 2020(Updated: )
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mitel MiContact Center Business | <9.3.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this security issue in Mitel MiContact Center Business is CVE-2020-24692.
The severity level of CVE-2020-24692 is high with a CVSS score of 7.1.
The affected software version range for CVE-2020-24692 is up to exclusive version 9.3.0.0 of Mitel MiContact Center Business.
CVE-2020-24692 poses a risk of arbitrary script execution, allowing an attacker to gain access to a user session.
Yes, you can find references for CVE-2020-24692 at the following links: 1. [Mitel Security Advisories](https://www.mitel.com/support/security-advisories) 2. [Mitel Product Security Advisory 20-0011](https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0011)